1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-11 18:38:00 +00:00
Commit Graph

1456 Commits

Author SHA1 Message Date
Simon Tatham
461ade43d1 Return an error message from x11_setup_display.
The lack of one of those has been a long-standing FIXME for ages.
2018-10-06 11:10:13 +01:00
Simon Tatham
9396fcc9f7 Rename FROMFIELD to 'container_of'.
Ian Jackson points out that the Linux kernel has a macro of this name
with the same purpose, and suggests that it's a good idea to use the
same name as they do, so that at least some people reading one code
base might recognise it from the other.

I never really thought very hard about what order FROMFIELD's
parameters should go in, and therefore I'm pleasantly surprised to
find that my order agrees with the kernel's, so I don't have to
permute every call site as part of making this change :-)
2018-10-06 07:28:51 +01:00
Simon Tatham
ed652a70e8 Get rid of #ifdef DEFINE_PLUG_METHOD_MACROS.
I don't actually know why this was ever here; it appeared in the very
first commit that invented Plug in the first place (7b0e08270) without
explanation. Perhaps Dave's original idea was that sometimes you'd
need those macros _not_ to be defined so that the same names could be
reused as the methods for a particular Plug instance? But I don't
think that ever actually happened, and the code base builds just fine
with those macros defined unconditionally just like all the other sets
of method macros we now have, so let's get rid of this piece of cruft
that was apparently unnecessary all along.
2018-10-06 07:28:51 +01:00
Simon Tatham
884a7df94b Make Socket and Plug into structs.
I think that means that _every_ one of my traitoids is now a struct
containing a vtable pointer as one of its fields (albeit sometimes the
only field), and never just a bare pointer.
2018-10-06 07:28:51 +01:00
Simon Tatham
b798230844 Name vtable structure types more consistently.
Now they're all called FooVtable, instead of a mixture of that and
Foo_vtable.
2018-10-06 07:28:51 +01:00
Simon Tatham
e0130a48ca Switch the unifont system over to using FROMFIELD.
Now that I'm doing that in so many of the new classes as a more
type-safe alternative to ordinary C casts, I should make sure all the
old code is also reaping the benefits. This commit converts the system
of unifont vtables in the GTK front end, and also the 'unifontsel'
structure that exposes only a few of its fields outside gtkfont.c.
2018-10-06 07:28:51 +01:00
Simon Tatham
96ec2c2500 Get rid of lots of implicit pointer types.
All the main backend structures - Ssh, Telnet, Pty, Serial etc - now
describe structure types themselves rather than pointers to them. The
same goes for the codebase-wide trait types Socket and Plug, and the
supporting types SockAddr and Pinger.

All those things that were typedefed as pointers are older types; the
newer ones have the explicit * at the point of use, because that's
what I now seem to be preferring. But whichever one of those is
better, inconsistently using a mixture of the two styles is worse, so
let's make everything consistent.

A few types are still implicitly pointers, such as Bignum and some of
the GSSAPI types; generally this is either because they have to be
void *, or because they're typedefed differently on different
platforms and aren't always pointers at all. Can't be helped. But I've
got rid of the main ones, at least.
2018-10-04 19:10:23 +01:00
Simon Tatham
5a6608bda8 Unix GUI: honour 'no close on exit' for connection_fatal.
It was being treated like an application-fatal message box even if
you'd configured the window not to close on an unclean exit.
2018-09-28 19:23:08 +01:00
Simon Tatham
7cd425abab uxproxy: close input pipes that have seen EOF on read.
Otherwise we loop round repeatedly with the event loop continuing to
report the same EOF condition on them over and over again, consuming
CPU pointlessly and probably causing other knock-on trouble too.
2018-09-28 19:23:08 +01:00
Simon Tatham
3085e74807 GTK uxsel handling: lump G_IO_HUP into G_IO_IN.
Without this, we don't receive EOF notifications on pipes, because gtk
uses poll rather than select, which separates those out into distinct
event types.
2018-09-28 19:23:08 +01:00
Simon Tatham
32a0de93bc Defer error callback from localproxy_try_send.
If you call plug_closing directly from localproxy_try_send, which can
in turn be called directly from sk_write, then the plug's
implementation of plug_closing may well free things that the caller of
sk_write expected not to have vanished.

The corresponding routine in uxnet.c pushes that call to plug_closing
into a toplevel callback, so let's do that here too.
2018-09-28 19:23:05 +01:00
Jonathan Liu
b5c840431a Suppress strncpy truncation warnings with GCC 8 and later.
These warnings are bogus as the code is correct so we suppress them in
the places they occur.
2018-09-26 14:40:26 +01:00
Simon Tatham
f4fbaa1bd9 Rework special-commands system to add an integer argument.
In order to list cross-certifiable host keys in the GUI specials menu,
the SSH backend has been inventing new values on the end of the
Telnet_Special enumeration, starting from the value TS_LOCALSTART.
This is inelegant, and also makes it awkward to break up special
handlers (e.g. to dispatch different specials to different SSH
layers), since if all you know about a special is that it's somewhere
in the TS_LOCALSTART+n space, you can't tell what _general kind_ of
thing it is. Also, if I ever need another open-ended set of specials
in future, I'll have to remember which TS_LOCALSTART+n codes are in
which set.

So here's a revamp that causes every special to take an extra integer
argument. For all previously numbered specials, this argument is
passed as zero and ignored, but there's a new main special code for
SSH host key cross-certification, in which the integer argument is an
index into the backend's list of available keys. TS_LOCALSTART is now
a thing of the past: if I need any other open-ended sets of specials
in future, I can add a new top-level code with a nicely separated
space of arguments.

While I'm at it, I've removed the legacy misnomer 'Telnet_Special'
from the code completely; the enum is now SessionSpecialCode, the
struct containing full details of a menu entry is SessionSpecial, and
the enum values now start SS_ rather than TS_.
2018-09-24 09:43:39 +01:00
Simon Tatham
e230751853 Remove FLAG_STDERR completely.
Originally, it controlled whether ssh.c should send terminal messages
(such as login and password prompts) to terminal.c or to stderr. But
we've had the from_backend() abstraction for ages now, which even has
an existing flag to indicate that the data is stderr rather than
stdout data; applications which set FLAG_STDERR are precisely those
that link against uxcons or wincons, so from_backend will do the
expected thing anyway with data sent to it with that flag set. So
there's no reason ssh.c can't just unconditionally pass everything
through that, and remove the special case.

FLAG_STDERR was also used by winproxy and uxproxy to decide whether to
capture standard error from a local proxy command, or whether to let
the proxy command send its diagnostics directly to the usual standard
error. On reflection, I think it's better to unconditionally capture
the proxy's stderr, for three reasons. Firstly, it means proxy
diagnostics are prefixed with 'proxy:' so that you can tell them apart
from any other stderr spew (which used to be particularly confusing if
both the main application and the proxy command were instances of
Plink); secondly, proxy diagnostics are now reliably copied to packet
log files along with all the other Event Log entries, even by
command-line tools; and thirdly, this means the option to suppress
proxy command diagnostics after the main session starts will actually
_work_ in the command-line tools, which it previously couldn't.

A more minor structure change is that copying of Event Log messages to
stderr in verbose mode is now done by wincons/uxcons, instead of
centrally in logging.c (since logging.c can now no longer check
FLAG_STDERR to decide whether to do it). The total amount of code to
do this is considerably smaller than the defensive-sounding comment in
logevent.c explaining why I did it the other way instead :-)
2018-09-21 16:46:03 +01:00
Simon Tatham
63a14f26f7 Rework handling of untrusted terminal data.
Now there's a centralised routine in misc.c to do the sanitisation,
which copies data on to an outgoing bufchain. This allows me to remove
from_backend_untrusted() completely from the frontend API, simplifying
code in several places.

Two use cases for untrusted-terminal-data sanitisation were in the
terminal.c prompts handler, and in the collection of SSH-2 userauth
banners. Both of those were writing output to a bufchain anyway, so
it was very convenient to just replace a bufchain_add with
sanitise_term_data and then not have to worry about it again.

There was also a simplistic sanitiser in uxcons.c, which I've now
replaced with a call to the good one - and in wincons.c there was a
FIXME saying I ought to get round to that, which now I have!
2018-09-19 23:08:28 +01:00
Simon Tatham
aa08e6ca91 Put a layer of abstraction in front of struct ssh_channel.
Clients outside ssh.c - all implementations of Channel - will now not
see the ssh_channel data type itself, but only a subobject of the
interface type SshChannel. All the sshfwd_* functions have become
methods in that interface type's vtable (though, wrapped in the usual
kind of macros, the call sites look identical).

This paves the way for me to split up the SSH-1 and SSH-2 connection
layers and have each one lay out its channel bookkeeping structure as
it sees fit; as long as they each provide an implementation of the
sshfwd_ method family, the types behind that need not look different.

A minor good effect of this is that the sshfwd_ methods are no longer
global symbols, so they don't have to be stubbed in Unix Pageant to
get it to compile.
2018-09-19 23:08:27 +01:00
Simon Tatham
733fcca2cd Invent structure tags for the storage.h abstractions.
Most of these were 'void *' because they weren't even reliably a
structure type underneath - the per-OS storage systems would directly
cast read/write/enum settings handles to and from random things like
FILE *, Unix DIR *, or Windows HKEY. So I've wrapped them in tiny
structs for the sake of having a sensible structure tag visible
elsewhere in the code.
2018-09-19 23:08:07 +01:00
Simon Tatham
7efa4a5305 Clean up a 'void *' in a unix.h typedef.
'struct draw_ctx' has a structure tag inside gtkwin.c, so as per this
week's standard practice, let's expose the tag elsewhere so that
pointers declared that way can't be confused with anything else.
2018-09-19 23:08:07 +01:00
Simon Tatham
3aae1f9d76 Expose the structure tag 'dlgparam'.
This continues my ongoing crusade against dangerous 'void *'
parameters.
2018-09-19 23:08:07 +01:00
Simon Tatham
08b43c0cca Expose structure tags for the connection-sharing data types.
This was a particularly confusing piece of type-danger, because three
different types were passed outside sshshare.c as 'void *' and only
human vigilance prevented one coming back as the wrong one. Now they
all keep their opaque structure tags when they move through other
parts of the code.
2018-09-19 23:08:07 +01:00
Simon Tatham
6a8b9d3813 Replace enum+union of local channel types with a vtable.
There's now an interface called 'Channel', which handles the local
side of an SSH connection-layer channel, in terms of knowing where to
send incoming channel data to, whether to close the channel, etc.

Channel and the previous 'struct ssh_channel' mutually refer. The
latter contains all the SSH-specific parts, and as much of the common
logic as possible: in particular, Channel doesn't have to know
anything about SSH packet formats, or which SSH protocol version is in
use, or deal with all the fiddly stuff about window sizes - with the
exception that x11fwd.c's implementation of it does have to be able to
ask for a small fixed initial window size for the bodgy system that
distinguishes upstream from downstream X forwardings.

I've taken the opportunity to move the code implementing the detailed
behaviour of agent forwarding out of ssh.c, now that all of it is on
the far side of a uniform interface. (This also means that if I later
implement agent forwarding directly to a Unix socket as an
alternative, it'll be a matter of changing just the one call to
agentf_new() that makes the Channel to plug into a forwarding.)
2018-09-19 23:08:04 +01:00
Simon Tatham
8dfb2a1186 Introduce a typedef for frontend handles.
This is another major source of unexplained 'void *' parameters
throughout the code.

In particular, the currently unused testback.c actually gave the wrong
pointer type to its internal store of the frontend handle - it cast
the input void * to a Terminal *, from which it got implicitly cast
back again when calling from_backend, and nobody noticed. Now it uses
the right type internally as well as externally.
2018-09-19 22:10:58 +01:00
Simon Tatham
eefebaaa9e Turn Backend into a sensible classoid.
Nearly every part of the code that ever handles a full backend
structure has historically done it using a pair of pointer variables,
one pointing at a constant struct full of function pointers, and the
other pointing to a 'void *' state object that's passed to each of
those.

While I'm modernising the rest of the code, this seems like a good
time to turn that into the same more or less type-safe and less
cumbersome system as I'm using for other parts of the code, such as
Socket, Plug, BinaryPacketProtocol and so forth: the Backend structure
contains a vtable pointer, and a system of macro wrappers handles
dispatching through that vtable.
2018-09-19 22:10:58 +01:00
Simon Tatham
3814a5cee8 Make 'LogContext' a typedef visible throughout the code.
Same principle again - the more of these structures have globally
visible tags (even if the structure contents are still opaque in most
places), the fewer of them I can mistake for each other.
2018-09-19 22:10:57 +01:00
Simon Tatham
e72e8ebe59 Expose the Ldisc structure tag throughout the code.
That's one fewer anonymous 'void *' which might be accidentally
confused with some other pointer type if I misremember the order of
function arguments.

While I'm here, I've made its pointer-nature explicit - that is,
'Ldisc' is now a typedef for the structure type itself rather than a
pointer to it. A stylistic change only, but it feels more natural to
me these days for a thing you're going to eventually pass to a 'free'
function.
2018-09-19 22:10:57 +01:00
Simon Tatham
6c924ba862 GPG key rollover.
This commit adds the new ids and fingerprints in the keys appendix of
the manual, and moves the old ones down into the historic-keys
section. I've tweaked a few pieces of wording for ongoing use, so that
they don't imply a specific number of past key rollovers.

The -pgpfp option in all the tools now shows the new Master Key
fingerprint and the previous (2015) one. I've adjusted all the uses of
the #defines in putty.h so that future rollovers should only have to
modify the #defines themselves.

Most importantly, sign.sh bakes in the ids of the current release and
snapshot keys, so that snapshots will automatically be signed with the
new snapshot key and the -r option will invoke the new release key.
2018-08-25 14:38:47 +01:00
Simon Tatham
452114c3d3 New memory management macro 'snew_plus'.
This formalises my occasional habit of using a single malloc to make a
block that contains a header structure and a data buffer that a field
of the structure will point to, allowing it to be freed in one go
later. Previously I had to do this by hand, losing the type-checking
advantages of snew; now I've written an snew-style macro to do the
job, plus an accessor macro to cleanly get the auxiliary buffer
pointer afterwards, and switched existing instances of the pattern
over to using that.
2018-06-06 07:22:06 +01:00
Simon Tatham
0603256964 Unix Pageant: add alias '-L' for '--private-openssh'.
Matches the -L option in Unix PuTTYgen, and is much easier to type.
2018-06-03 16:52:25 +01:00
Simon Tatham
025599ec99 Unix PuTTYgen: switch to /dev/urandom by default.
The general wisdom these days - in particular as given by the Linux
urandom(4) man page - seems to be that there's no need to use the
blocking /dev/random any more unless you're running at very early boot
time when the system random pool is at serious risk of not having any
entropy in it at all.

In case of non-Linux systems that don't think /dev/urandom is a
standard name, I fall back to /dev/random if /dev/urandom can't be
found.
2018-06-03 15:15:51 +01:00
Simon Tatham
7f56e1e365 Remove 'keystr' parameter in get_rsa_ssh1_pub.
This parameter returned a substring of the input, which was used for
two purposes. Firstly, it was used to hash the host and server keys
during the initial SSH-1 key setup phase; secondly, it was used to
check the keys in Pageant against the public key blob of a key
specified on the command line.

Unfortunately, those two purposes didn't agree! The first one needs
just the bare key modulus bytes (without even the SSH-1 mpint length
header); the second needs the entire key blob. So, actually, it seems
to have never worked in SSH-1 to say 'putty -i keyfile' and have PuTTY
find that key in Pageant and not have to ask for the passphrase to
decrypt the version on disk.

Fixed by removing that parameter completely, which simplifies all the
_other_ call sites, and replacing it by custom code in those two
places that each does the actually right thing.
2018-06-03 08:24:59 +01:00
Simon Tatham
6dc6392596 Remove obsolete functions.
There are several old functions that the previous commits have removed
all, or nearly all, of the references to. match_ssh_id is superseded
by ptrlen_eq_string; get_ssh_{string,uint32} is yet another replicated
set of decode functions (this time _partly_ centralised into misc.c);
the old APIs for the SSH-1 RSA decode functions are gone (together
with their last couple of holdout clients), as are
ssh{1,2}_{read,write}_bignum and ssh{1,2}_bignum_length.

Particularly odd was the use of ssh1_{read,write}_bignum in the SSH-2
Diffie-Hellman implementation. I'd completely forgotten I did that!
Now replaced with a raw bignum_from_bytes, which is simpler anyway.
2018-06-02 18:24:12 +01:00
Simon Tatham
876e1589f8 Rewrite conf deserialisation using BinarySource.
Like the corresponding rewrite of conf serialisation, this affects not
just conf_deserialise itself but also the per-platform filename and
fontspec deserialisers.
2018-06-02 17:52:48 +01:00
Simon Tatham
5129c40bea Modernise the Socket/Plug vtable system.
Now I've got FROMFIELD, I can rework it so that structures providing
an implementation of the Socket or Plug trait no longer have to have
the vtable pointer as the very first thing in the structure. In
particular, this means that the ProxySocket structure can now directly
implement _both_ the Socket and Plug traits, which is always
_logically_ how it's worked, but previously it had to be implemented
via two separate structs linked to each other.
2018-05-27 15:28:54 +01:00
Simon Tatham
7babe66a83 Make lots of generic data parameters into 'void *'.
This is a cleanup I started to notice a need for during the BinarySink
work. It removes a lot of faffing about casting things to char * or
unsigned char * so that some API will accept them, even though lots of
such APIs really take a plain 'block of raw binary data' argument and
don't care what C thinks the signedness of that data might be - they
may well reinterpret it back and forth internally.

So I've tried to arrange for all the function call APIs that ought to
have a void * (or const void *) to have one, and those that need to do
pointer arithmetic on the parameter internally can cast it back at the
top of the function. That saves endless ad-hoc casts at the call
sites.
2018-05-26 09:22:43 +01:00
Simon Tatham
c9bad331e6 Centralise TRUE and FALSE definitions into defs.h.
This removes a lot of pointless duplications of those constants.

Of course, _ideally_, I should upgrade to C99 bool throughout the code
base, replacing TRUE and FALSE with true and false and tagging
variables explicitly as bool when that's what they semantically are.
But that's a much bigger piece of work, and shouldn't block this
trivial cleanup!
2018-05-26 09:19:39 +01:00
Simon Tatham
0c44fa85df Build outgoing SSH agent requests in a strbuf.
This simplifies the client code both in ssh.c and in the client side
of Pageant.

I've cheated a tiny bit by preparing agent requests in a strbuf that
has space reserved at the front for the packet frame, which makes life
easier for the code that sends them off.
2018-05-25 14:36:16 +01:00
Simon Tatham
67de463cca Change ssh.h crypto APIs to output to BinarySink.
This affects all the functions that generate public and private key
and signature blobs of all kinds, plus ssh_ecdhkex_getpublic. Instead
of returning a bare block of memory and taking an extra 'int *length'
parameter, all these functions now write to a BinarySink, and it's the
caller's job to have prepared an appropriate one where they want the
output to go (usually a strbuf).

The main value of this change is that those blob-generation functions
were chock full of ad-hoc length-counting and data marshalling. You
have only to look at rsa2_{public,private}_blob, for example, to see
the kind of thing I was keen to get rid of!
2018-05-25 14:36:16 +01:00
Simon Tatham
a990738aca Use the BinarySink system for conf serialisation.
Now instead of iterating through conf twice in separate functions,
once to count up the size of the serialised data and once to write it
out, I just go through once and dump it all in a strbuf.

(Of course, I could still do a two-pass count-then-allocate approach
easily enough in this system; nothing would stop me writing a
BinarySink implementation that didn't actually store any data and just
counted its size, and then I could choose at each call site whether I
preferred to do it that way.)
2018-05-25 14:36:16 +01:00
Simon Tatham
4988fd410c Replace all uses of SHA*_Bytes / MD5Update.
In fact, those functions don't even exist any more. The only way to
get data into a primitive hash state is via the new put_* system. Of
course, that means put_data() is a viable replacement for every
previous call to one of the per-hash update functions - but just
mechanically doing that would have missed the opportunity to simplify
a lot of the call sites.
2018-05-25 14:36:16 +01:00
Simon Tatham
12b38ad9e1 New header file 'defs.h'.
This centralises a few things that multiple header files were
previously defining, and were protecting against each other's
redefinition with ifdefs - small things like structs and typedefs. Now
all those things are in a defs.h which is by definition safe to
include _first_ (out of all the codebase-local headers) and only need
to be defined once.
2018-05-25 14:12:44 +01:00
Simon Tatham
7e8ae41a3f Clean up the crufty old SSH-1 RSA API.
Lots of functions had really generic names (like 'makekey'), or names
that missed out an important concept (like 'rsakey_pubblob', which
loads a public blob from a _file_ and doesn't generate it from an
in-memory representation at all). Also, the opaque 'int order' that
distinguishes the two formats of public key blob is now a mnemonic
enumeration, and while I'm at it, rsa_ssh1_public_blob takes one of
those as an extra argument.
2018-05-25 14:08:24 +01:00
Simon Tatham
b8c4d042bd Fix startup hang in Unix file transfer tools.
This seems to be a knock-on effect of my recent reworking of the SSH
code to be based around queues and callbacks. The loop iteration
function in uxsftp.c (ssh_sftp_do_select) would keep going round its
select loop until something had happened on one of its file
descriptors, and then return to the caller in the assumption that the
resulting data might have triggered whatever condition the caller was
waiting for - and if not, then the caller checks, finds nothing
interesting has happened, and resumes looping with no harm done.

But now, when something happens on an fd, it doesn't _synchronously_
trigger the follow-up condition PSFTP was waiting for (which, at
startup time, happens to be back->sendok() starting to return TRUE).
Instead, it schedules a callback, which will schedule a callback,
which ... ends up setting that flag. But by that time, the loop
function has already returned, the caller has found nothing
interesting and resumed looping, and _now_ the interesting thing
happens but it's too late because ssh_sftp_do_select will wait until
the next file descriptor activity before it next returns.

Solution: give run_toplevel_callbacks a return value which says
whether it's actually done something, and if so, return immediately in
case that was the droid the caller was looking for. As it were.
2018-05-24 16:54:16 +01:00
Simon Tatham
9ee6a220e0 GTK: reinstate accidentally removed calls to term_size.
In commit 528513dde I absentmindedly replaced a write to the local
variable 'need_size' of drawing_area_setup with a write to
inst->drawing_area_setup_needed, imagining that they had the same
effect. But actually, need_size was doing two jobs and I only replaced
one of them: it was also the variable that indicated that the logical
terminal size had changed and so we had to call term_size() to make
the terminal.c data structures resize themselves appropriately. The
loss of that call also inhibited generation of SIGWINCH.
2018-05-19 07:38:22 +01:00
Simon Tatham
9d495b2176 Make {term,}get_userpass_input take a bufchain.
NFC for the moment, because the bufchain is always specially
constructed to hold exactly the same data that would have been passed
in to the function as a (pointer,length) pair. But this API change
allows get_userpass_input to express the idea that it consumed some
but not all of the data in the bufchain, which means that later on
I'll be able to point the same function at a longer-lived bufchain
containing the full stream of keyboard input and avoid dropping
keystrokes that arrive too quickly after the end of an interactive
password prompt.
2018-05-18 07:22:57 +01:00
Simon Tatham
a486318dad Remove unused params from cmdline_get_passwd_input.
NFC; I expect this to be a useful simplification for the same reasons
as the previous commit.
2018-05-18 07:22:56 +01:00
Simon Tatham
3692c239d7 Remove unused params from console_get_userpass_input.
NFC: this is a preliminary refactoring, intended to make my life
easier when I start changing around the APIs used to pass user
keyboard input around. The fewer functions even _have_ such an API,
the less I'll have to do at that point.
2018-05-18 07:22:56 +01:00
Simon Tatham
528513ddea GTK: remember to resize backing surface on a font change.
Changing the window's font size with Alt-< or Alt-> was not setting
any of the flags that make drawing_area_setup consider itself to have
been non-spuriously called, so the real window would enlarge without
the backing surface also doing so.
2018-05-17 11:20:01 +01:00
Simon Tatham
4467fa4d2a Unix Pageant: option to behave like ssh-askpass.
Since Pageant contains its own passphrase prompt system rather than
delegating it to another process, it's not trivial to use it in other
contexts. But having gone to the effort of coming up with my own
askpass system that (I think) does a better job at not revealing the
length of the password, I _want_ to use it in other contexts where a
GUI passphrase or password prompt is needed. Solution: an --askpass
option.
2018-05-14 08:08:34 +01:00
Simon Tatham
e6b06c900f Unix Pageant: options to select askpass type.
Mostly for debugging purposes, because I'm tired of having to use
'setsid' to force Pageant to select the GUI passphrase prompt when I'm
trying to fix bugs in gtkask.c. But I can also imagine situations in
which the ability to force a GUI prompt window might be useful to end
users, for example if the process does _technically_ have a
controlling terminal but it's not a user-visible one (say, in the back
end of some automation tool like expect(1)).

For symmetry, I also provide an option to force the tty prompt. That's
less obviously useful, because that's already the preferred prompt
type when both methods are available - so the only use for it would be
if you wanted to ensure that Pageant didn't _accidentally_ try to
launch a GUI prompt, and aborted with an error if it couldn't use a
tty prompt.
2018-05-14 07:41:08 +01:00
Simon Tatham
a3503fd234 gtkask: rework the mechanism for keyboard grabs.
I've found Unix Pageant's GTK password prompt to be a bit flaky on
Ubuntu 18.04. Part of the reason for that seems to be (I _think_) that
GTK has changed its internal order of setting things up, so that you
can no longer call gtk_widget_show_now() and expect that when it
returns everything is ready to do a gdk_seat_grab. Another part is
that - completely mysteriously as far as I can see - a _failed_
gdk_seat_grab(GDK_SEAT_CAPABILITY_KEYBOARD) has the side effect of
calling gdk_window_hide on the window you gave it!

So I've done a considerable restructuring that means we no longer
attempt to do the keyboard grab synchronously in gtk_askpass_setup.
Instead, we make keyboard grab attempts during the run of gtk_main,
scheduling each one on a timer if the previous attempt fails.

This means I need a visual indication of 'not ready for you to type
anything yet', which I've arranged by filling in the three drawing
areas to mid-grey. At the point when the keyboard grab completes and
the window becomes receptive to input, they turn into the usual one
black and two white.
2018-05-13 23:05:46 +01:00
Simon Tatham
383302d70a GTK 3: be aware of the window's scale factor.
In GTK 3.10 and above, high-DPI support is arranged by each window
having a property called a 'scale factor', which translates logical
pixels as seen by most of the GTK API (widget and window sizes and
positions, coordinates in the "draw" event, etc) into the physical
pixels on the screen. This is handled more or less transparently,
except that one side effect is that your Cairo-based drawing code had
better be able to cope with that scaling without getting confused.

PuTTY's isn't, because we do all our serious drawing on a separate
Cairo surface we made ourselves, and then blit subrectangles of that
to the window during updates. This has two bad consequences. Firstly,
our surface has a size derived from what GTK told us the drawing area
size is, i.e. corresponding to GTK's _logical_ pixels, so when the
scale factor is (say) 2, our drawing takes place at half size and then
gets scaled up by the final blit in the draw event, making it look
blurry and unpleasant. Secondly, those final blits seem to end up
offset by half a pixel, so that a second blit over the same
subrectangle doesn't _quite_ completely wipe out the previously
blitted data - so there's a ghostly rectangle left behind everywhere
the cursor has been.

It's not that GTK doesn't _let_ you find out the scale factor; it's
just that it's in an out-of-the-way piece of API that you have to call
specially. So now we do: our backing surface is now created at a pixel
resolution matching the screen's real pixels, and we translate GTK's
scale factor into an ordinary cairo_scale() before we commence
drawing. So we still end up drawing the same text at the same size -
and this strategy also means that non-text elements like cursor
outlines and underlining will be scaled up with the screen DPI rather
than stubbornly staying one physical pixel thick - but now it's nice
and sharp at full screen resolution, and the subrectangle blits in the
draw event are back to affecting the exact set of pixels we expect
them to.

One silly consequence is that, immediately after removing the last
one, I've installed a handler for the GTK "configure-event" signal!
That's because the GTK 3 docs claim that that's how you get notified
that your scale factor has changed at run time (e.g. if you
reconfigure the scale factor of a whole monitor in the GNOME settings
dialog). Actually in practice I seem to find out via the "draw" event
before "configure" bothers to tell me, but now I've got a usefully
idempotent function for 'check whether the scale factor has changed
and sort it out if so', I don't see any harm in calling it from
anywhere it _might_ be useful.
2018-05-11 09:27:57 +01:00
Simon Tatham
1ca03a186f gtkwin: factor out drawing_area_setup_simple().
I'm about to want to do this operation from more places, so here's a
minor NFC refactoring that will simplify the next commit.
2018-05-11 09:27:16 +01:00
Simon Tatham
412dce1e8a Stop using the GTK "configure-event" signal.
I've been using that signal since the very first commit of this source
file, as a combined way to be notified when the size of the drawing
area changes (typically due to user window resizing actions) and also
when the drawing area is first created and available to be drawn on.

Unfortunately, testing on Ubuntu 18.04, I ran into an oddity, in which
the call to gtk_widget_show(inst->window) in new_session_window() has
the side effect of delivering a spurious configure_event on the
drawing area with size 1x46 pixels. This causes the terminal to resize
itself to 1 column wide, and the mistake isn't rectified until a
followup configure-event arrives after new_session_window returns to
the GTK main loop. But that means terminal output can occur between
those two configure events (the connection-sharing "Reusing a shared
connection to host.name" is a good example), and when it does, it gets
embarrassingly wrapped at one character per line down the left column.

I briefly tried to bodge around this by trying to heuristically guess
which configure events were real and which were spurious, but I have
no faith in that strategy continuing to work. I think a better
approach is to abandon configure-event completely, and move to a
system in which the two purposes I was using it for are handled by two
_different_ GTK signals, namely "size-allocate" (for knowing when we
get resized) and "realize" (for knowing when the drawing area
physically exists for us to start setting up Cairo or GDK machinery).

The result seems to have fixed the silly one-column wrapping bug, and
retained the ability to handle window resizes, on every GTK version I
have conveniently available to test on, including GTK 3 both before
and after these spurious configures started to happen.
2018-05-10 20:22:02 +01:00
Simon Tatham
7fee4e9b43 Basic support for running under GDK Wayland back end.
GTK 3 PuTTY/pterm has always assumed that if it was compiled with
_support_ for talking to the raw X11 layer underneath GTK and GDK,
then it was entitled to expect that raw X11 layer to exist at all
times, i.e. that GDK_DISPLAY_XDISPLAY would return a meaningful X
display that it could do useful things with. So if you ran it over the
GDK Wayland backend, it would immediately segfault.

Modern GTK applications need to cope with multiple GDK backends at run
time. It's fine for GTK PuTTY to _contain_ the code to find and use
underlying X11 primitives like the display and the X window id, but it
should be prepared to find that it's running on Wayland (or something
else again!) so those functions don't return anything useful - in
which case it should degrade gracefully to the subset of functionality
that can be accessed through backend-independent GTK calls.

Accordingly, I've centralised the use of GDK_DISPLAY_XDISPLAY into a
support function get_x_display() in gtkmisc.c, which starts by
checking that there actually is one first. All previous direct uses of
GDK_*_XDISPLAY now go via that function, and check the result for NULL
afterwards. (To save faffing about calling that function too many
times, I'm also caching the display pointer in more places, and
passing it as an extra argument to various subfunctions, mostly in
gtkfont.c.)

Similarly, the get_windowid() function that retrieves the window id to
put in the environment of pterm's child process has to be prepared for
there not to be a window id.

This isn't a complete fix for all Wayland-related problems. The other
one I'm currently aware of is that the default font is "server:fixed",
which is a bad default now that it won't be available on all backends.
And I expect that further problems will show up with more testing. But
it's a start.
2018-05-09 09:21:27 +01:00
Simon Tatham
d515e4f1a3 Support GSS key exchange, for Kerberos 5 only.
This is a heavily edited (by me) version of a patch originally due to
Nico Williams and Viktor Dukhovni. Their comments:

 * Don't delegate credentials when rekeying unless there's a new TGT
   or the old service ticket is nearly expired.

 * Check for the above conditions more frequently (every two minutes
   by default) and rekey when we would delegate credentials.

 * Do not rekey with very short service ticket lifetimes; some GSSAPI
   libraries may lose the race to use an almost expired ticket. Adjust
   the timing of rekey checks to try to avoid this possibility.

My further comments:

The most interesting thing about this patch to me is that the use of
GSS key exchange causes a switch over to a completely different model
of what host keys are for. This comes from RFC 4462 section 2.1: the
basic idea is that when your session is mostly bidirectionally
authenticated by the GSSAPI exchanges happening in initial kex and
every rekey, host keys become more or less vestigial, and their
remaining purpose is to allow a rekey to happen if the requirements of
the SSH protocol demand it at an awkward moment when the GSS
credentials are not currently available (e.g. timed out and haven't
been renewed yet). As such, there's no need for host keys to be
_permanent_ or to be a reliable identifier of a particular host, and
RFC 4462 allows for the possibility that they might be purely
transient and only for this kind of emergency fallback purpose.

Therefore, once PuTTY has done a GSS key exchange, it disconnects
itself completely from the permanent host key cache functions in
storage.h, and instead switches to a _transient_ host key cache stored
in memory with the lifetime of just that SSH session. That cache is
populated with keys received from the server as a side effect of GSS
kex (via the optional SSH2_MSG_KEXGSS_HOSTKEY message), and used if
later in the session we have to fall back to a non-GSS key exchange.
However, in practice servers we've tested against do not send a host
key in that way, so we also have a fallback method of populating the
transient cache by triggering an immediate non-GSS rekey straight
after userauth (reusing the code path we also use to turn on OpenSSH
delayed encryption without the race condition).
2018-04-26 07:21:16 +01:00
Simon Tatham
510187a733 Ignore spurious configure_area events.
Colin Watson reports that on pre-releases of Ubuntu 18.04, configure
events which don't actually involve a change of window size show up
annoyingly often. Our handling of configure events involves throwing
away the backing Cairo surface, making a fresh blank one, and
scheduling a top-level callback to get terminal.c to do a repaint and
populate the new surface; so a draw event before that callback occurs
causes the window contents to flicker off and on again, not to mention
wasting a lot of time.

The simplest solution is to spot spurious configures, and respond by
not throwing away the previous Cairo surface in the first place.
2018-04-04 21:04:18 +01:00
Simon Tatham
97a248b463 Use gdk_display_beep() in place of obsolete gdk_beep().
Except in GTK1 (which doesn't have the former), via a gtkcompat.h
workaround.

Up-to-date GTK3 has deprecated gdk_beep(), causing build failures due
to the default -Werror setting.
2018-03-03 18:26:45 +00:00
Simon Tatham
0476ceaa08 GTK1 build fixes.
Looks as if I haven't retried the GTK1 build for a while, and recent
GTK frontend development has broken it. The selection revamp has
pointed out that GTK1 didn't have the accessor function
gtk_selection_data_get_selection(), the standard GdkAtom value
GDK_SELECTION_CLIPBOARD, or keysyms for alphabetic characters; and
also I had an initialisation of one of my own structure fields
(dp->selparams) accidentally not guarded by the same GTK-versioning
ifdef that controls whether or not it was defined.
2018-03-03 18:24:12 +00:00
Simon Tatham
31a2017af5 Add missing casts in dupcat().
Ahem. I _spotted_ this in code review, and forgot to make the change
before pushing!

Because it's legitimate for a C implementation to define 'NULL' so
that it expands to just 0, it follows that if you use NULL in a
variadic argument list where the callee will expect to extract a
pointer, you run the risk of putting an int-sized rather than
pointer-sized argument on the list and causing the consumer to get out
of sync. So you have to add an explicit cast.
2018-02-13 19:45:54 +00:00
Nico Williams
3447047594 Don't grow logevent buf indefinitely
The PuTTY GUIs (Unix and Windows) maintain an in-memory event log
for display to users as they request.  This uses ints for tracking
eventlog size, which is subject to memory exhaustion and (given
enough heap space) overflow attacks by servers (via, e.g., constant
rekeying).

Also a bounded log is more user-friendly.  It is rare to want more
than the initial logging and the logging from a few recent rekey
events.

The Windows fix has been tested using Dr. Memory as a valgrind
substitute.  No errors corresponding to the affected code showed up.
The Dr. Memory results.txt was split into a file per-error and then

    grep Error $(grep -l windlg *)|cut -d: -f3-|sort |uniq -c

was used to compare.  Differences arose from different usage of the GUI,
but no error could be traced to the code modified in this commit.

The Unix fix has been tested using valgrind.  We don't destroy the
eventlog_stuff eventlog arrays, so we can't be entirely sure that we
don't leak more than we did before, but from code inspection it looks
like we don't (and anyways, if we leaked as much as before, just without
the integer overflow, well, that's still an improvement).
2018-02-13 19:28:19 +00:00
Simon Tatham
b4fde270c6 Better file-existence test on Unix.
Now we don't annoyingly print the 'askappend' prompt if you ask a
PuTTY tool to write its packet log to something that's not a regular
file, such as /dev/fd/1 or /dev/tty or a named pipe.

(In the case of a named pipe, another annoyance fixed by this change
is that we also don't open it for reading in the course of the
existence test.)
2018-02-07 07:34:53 +00:00
Simon Tatham
bbebdc8280 Make file-existence test a per-platform function.
NFC in this commit, but this will allow me to do something more subtle
and OS-specific in each OS's implementation of it.
2018-02-07 07:34:53 +00:00
Simon Tatham
83eb8e0109 Build fixes for GTK2.
Apparently I haven't tried a GTK2 build since the most recent set of
GTK-related code reorganisation. Some functions that were ifdef'ed out
in GTK3 builds were now unused even in GTK2 builds (and, because they
were also declared static, caused a -Werror build failure); and the
pointless stub version of gtkapp.c was missing a stub version of a
recently added function referred to from another module.
2018-01-30 19:22:45 +00:00
Jacob Nevins
5f7604888b Let puttyapp/ptermapp build against old Gtk 3.
gtk_application_set_accels_for_action() is new in Gtk 3.12, but (e.g.)
Ubuntu 14.04 LTS still ships with Gtk 3.10.
On the other hand, the function I've used instead,
gtk_application_add_accelerator(), is deprecated from Gtk 3.14 onwards,
indicating that it will disappear in some future version, so I've left
the newer code in against that day.
2017-12-20 11:55:51 +00:00
Simon Tatham
8ec55ef25f osxlaunch: stop setting DYLD_LIBRARY_PATH.
It actually doesn't seem to be necessary: running 'otool -L' on the
real binary in the application bundle (Pterm-bin or PuTTY-bin) lists a
lot of paths starting with "@executable_path/../Resources/", which I
take to mean that the application is already set up to automatically
load the GTK shared libraries out of its own bundle directory, without
me having to give it the extra hint of DYLD_LIBRARY_PATH.

Moreover, I just got round to upgrading my Mac to High Sierra, and now
the version of osxlaunch _with_ DYLD_LIBRARY_PATH is causing a crash
at program load time, when the libpng in the MacOS system library
directory tries to use the libz in the application bundle and finds
that it doesn't provide an entry point it was expecting
('inflateValidate'). I could try to fix that by updating the libz
version in my OS X PuTTY build environment, but that seems to me to
set a precedent of running to keep up with any further dependencies
the system libraries happen to acquire in later releases. Better to
reset DYLD_LIBRARY_PATH so that the system libpng will load the system
libz and not get confused in the first place.
2017-12-20 10:04:02 +00:00
Simon Tatham
10e570cc79 osxlaunch: fix some uninitialised pointers.
I've been having intermittent segfaults in this launcher program, and
by means of the new TEST_COMPILE_ON_LINUX facility introduced by
commit eef8cac28, I ran it under valgrind which helpfully pointed out
several pointers between linked-list nodes which I'd been relying on
OS memory allocation to happen to have zeroed for me.
2017-12-20 10:03:51 +00:00
Simon Tatham
6b8cd49aa7 osxlaunch: add diagnostics under an #ifdef.
Now I can compile with -DDEBUG_OSXLAUNCH and see exactly what the
program is doing, if I suspect it of misbehaviour.
2017-12-20 10:03:51 +00:00
Simon Tatham
eef8cac28e osxlaunch: bodge to let me test-build on Linux.
By default, the program still builds on Linux to a stub that just
prints 'nothing to see here'. But if you compile with
-DTEST_COMPILE_ON_LINUX, it compiles to a program that still doesn't
do anything _actually_ useful, but goes through all the same motions
that real osxlaunch would go through, until the final execv(2) fails
because of course it's not _really_ living in an application bundle
directory of the right shape.

That allows me to run all the setup code under the debugging tools I'm
most used to, in my preferred environment. (Same rationale as having
puttyapp / ptermapp build for Linux too.)
2017-12-20 10:03:14 +00:00
Simon Tatham
faef0ea679 Rewrite the OS X TODO a bit.
I've filled in the results of some not-entirely-conclusive
investigation into the trackpad scrolling issue, some thoughts on
resizing, and reordered the items into what currently seems the most
sensible order to me.
2017-12-18 14:04:57 +00:00
Simon Tatham
04184c87cc Fill in some more of the OS X menu bar.
This still isn't complete: I also need to add the variable collections
of things like mid-session special commands and saved session names,
and also I need to try to grey out menu items when they're not
applicable. But it's a start.
2017-12-18 11:46:48 +00:00
Simon Tatham
2065fb647f Minor refactoring of gtkapp.c -> gtkwin.c menu triggers.
Just to avoid an endless proliferation of functions too small to see,
I've arranged an enumeration of action ids and a single
app_menu_action function on the receiving end, and in gtkapp.c, a list
macro that means I at least don't have to define the tiny callback
functions and the GActionEntry records by hand and keep them in sync.
2017-12-18 11:19:26 +00:00
Simon Tatham
31080bf8a7 Add keyboard accelerators in the GtkApplication menu.
Now that they actually _work_, it seems more useful to start putting
them in on purpose.
2017-12-18 11:01:42 +00:00
Simon Tatham
1904c404ed OS X: pass Command key back to GTK if it's not being Meta.
This fixes the problem I'd previously noticed, that if you don't
configure the "Command key acts as Meta" setting, then keystrokes like
Command-Q which _ought_ to function as accelerators for the
application menu bar don't.

Turns out that this was for the totally obvious reason: the keyboard
event was still being processed by gtkwin.c's key_event() and
translated via the GTK IM into ordinary keyboard input. If instead I
return FALSE from key_event on detecting that a key event has a
non-Meta-configured Command modifier, then it will go to the next-
level key-event handler inside GTK itself which implements the menu
accelerator behaviour. Another problem ticked off the OS X checklist.
2017-12-18 10:43:13 +00:00
Simon Tatham
3faca7724a Correct the OS X branch of the clipboards ifdef.
That's what I get for not testing on all platforms before I push.
Forgot that, since OS X GTK mimics X11 GTK closely enough to still use
the name "CLIPBOARD" for the unique system clipboard, I had left this
code base's internal name for it as CLIP_CLIPBOARD and not the
CLIP_SYSTEM I used on Windows.
2017-12-18 10:31:42 +00:00
Simon Tatham
136c119da6 Fix linked-list mismanagement.
Oh dear. I have no excuse.
2017-12-17 20:43:44 +00:00
Simon Tatham
7bc637ad07 Sort out clipboard-related menu items.
The gtkapp.c menu now has a Copy as well as Paste option; those menu
items, as well as the corresponding ones on the context menu and Copy
All, now address sets of clipboards parametrised between OS X and
ordinary GTK in unix.h. Also I've tweaked the wording of the
context-menu items to not use the X-specific terminology "CLIPBOARD"
on OS X.
2017-12-17 20:35:45 +00:00
Simon Tatham
1ed2f98c89 Add missing g_application_hold on Duplicate Session.
The omission of this call caused a GTK assertion failure when the
GApplication's use count went negative after two releases and only one
hold.
2017-12-17 20:18:20 +00:00
Simon Tatham
1af9c425ba Better protection against stale clipboard_data_instances.
I had a segfault on OS X today at Pterm.app shutdown. I wasn't able to
reproduce it in a debugger, but the cause seemed to be that
clipboard_clear called term_deselect (this was from before the patch
series that renamed that function) when inst->term was already NULL.

This must be because a clipboard_data_instance outlived its associated
inst->term, and quite likely its associated inst as well. But we can't
free those structures when a gui_data is freed, because GTK callbacks
will still depend on them; so instead we must have each gui_data keep
a list of active cdis pointing at it, and then at destruction time,
walk along the list nulling out each one's pointer to part of itself.
2017-12-17 20:12:52 +00:00
Simon Tatham
2a76f8d4a2 Support custom clipboard names under X.
This required me to turn the drop-lists into combo boxes and add an
extra string-typed Conf setting alongside each enumerated value.
2017-12-17 18:49:00 +00:00
Simon Tatham
018aa57645 Tick off another two OS X todo items.
I've done the general clipboard revamp, and also, since I added
Ctrl-Shift-{C,V} as a new pair of UI actions for copy and paste, I've
also fulfilled the requirement that there should be some method of
non-menu-based pasting that doesn't depend on a middle mouse button or
an Ins key.

I think the list of OS X missing features is now down to details of
the OS X GTK port _itself_, as opposed to structural issues in the
general code base.
2017-12-17 17:02:56 +00:00
Simon Tatham
0e7f0883a9 Add GUI configuration for choice of clipboards.
On all platforms, you can now configure which clipboard the mouse
pastes from, which clipboard Ctrl-Ins and Shift-Ins access, and which
Ctrl-Shift-C and Ctrl-Shift-V access. In each case, the options are:

 - nothing at all
 - a clipboard which is implicitly written by the act of mouse
   selection (the PRIMARY selection on X, CLIP_LOCAL everywhere else)
 - the standard clipboard written by explicit copy/paste UI actions
   (CLIPBOARD on X, the unique system clipboard elsewhere).

Also, you can control whether selecting text with the mouse _also_
writes to the explicitly accessed clipboard.

The wording of the various messages changes between platforms, but the
basic UI shape is the same everywhere.
2017-12-17 17:02:56 +00:00
Simon Tatham
3d9372492d GTK context menu options to copy/paste CLIPBOARD. 2017-12-16 13:52:23 +00:00
Simon Tatham
131a8e9468 Ability to copy to multiple clipboards at once. 2017-12-16 13:52:23 +00:00
Simon Tatham
41aa675a5b Make gtkwin.c able to support multiple selections.
All the data fields referring to the selection in 'struct gui_data'
have been pulled out into a separate structure of which there are now
multiple instances, and I've plumbed through what should be the right
pointers and integer ids to everywhere they should go. So now the GTK
front end defines CLIP_PRIMARY and CLIP_CLIPBOARD in place of the
temporary cop-out CLIP_SYSTEM from the previous commit, and copying
and pasting can be done via either one.

The defaults should be the same as before, except that now the non-Mac
versions of the GtkApplication front ends will access CLIP_PRIMARY in
response to most actions but the 'Paste' menu item will paste from
CLIP_CLIPBOARD. (That's mostly just as a demonstration that accessing
multiple clipboards even works.)
2017-12-16 13:50:47 +00:00
Simon Tatham
1829719639 Add a system of clipboard identifiers.
This lays some groundwork for making PuTTY's cut and paste handling
more flexible in the area of which clipboard(s) it reads and writes,
if more than one is available on the system.

I've introduced a system of list macros which define an enumeration of
integer clipboard ids, some defined centrally in putty.h (at present
just a CLIP_NULL which never has any text in it, because that seems
like the sort of thing that will come in useful for configuring a
given copy or paste UI action to be ignored) and some defined per
platform. All the front end functions that copy and paste take a
clipboard id, and the Terminal structure is now configured at startup
to tell it which clipboard id it should paste from on a mouse click,
and which it should copy from on a selection.

However, I haven't actually added _real_ support for multiple X11
clipboards, in that the Unix front end supports a single CLIP_SYSTEM
regardless of whether it's in OS X or GTK mode. So this is currently a
NFC refactoring which does nothing but prepare the way for real
changes to come.
2017-12-16 13:50:47 +00:00
Simon Tatham
f26654f618 Stop front ends remembering the data of their last paste.
Previously, both the Unix and Windows front ends would respond to a
paste action by retrieving data from the system clipboard, converting
it appropriately, _storing_ it in a persistent dynamic data block
inside the front end, and then calling term_do_paste(term), which in
turn would call back to the front end via get_clip() to retrieve the
current contents of that stored data block.

But, as far as I can tell, this was a completely pointless mechanism,
because after a data block was written into this storage area, it
would be immediately used for exactly one paste, and then never
accessed again until the next paste action caused it to be freed and
replaced with a new chunk of pasted data.

So why on earth was it stored persistently at all, and why that
callback mechanism from frontend to terminal back to frontend to
retrieve it for the actual paste action? I have no idea. This change
removes the entire system and replaces it with the completely obvious
alternative: the character-set-converted version of paste data is
allocated in a _local_ variable in the frontend paste functions,
passed directly to term_do_paste which now takes (buffer,length)
parameters, and freed immediately afterwards. get_clip() is gone.
2017-12-10 09:22:22 +00:00
Simon Tatham
2a2153f4ce Fix assertion failure that prevents pterm starting up.
When testing the previous commit, I went to great lengths to check all
the tricky corner cases of the detailed command-line argument handling
in Plink and PuTTY, on Windows and Unix. And did I also double-check
that I had not completely broken the very simplest possible invocation
of pterm? I did not.

The call to cmdline_host_ok() in gtkmain.c was failing an assertion in
pterm, because that function only expects to have been called by a
program that has the TOOLTYPE_HOST_ARG flag set - if that flag isn't
set, the program is expected to come up with its own answer to the
question (because I wasn't sure what the right fallback answer would
be). And I forgot to conditionalise the call between PuTTY and pterm.
2017-12-08 19:34:35 +00:00
Simon Tatham
b9a25510b0 Centralise PuTTY and Plink's non-option argument handling.
This is another piece of long-overdue refactoring similar to the
recent commit e3796cb77. But where that one dealt with normalisation
of stuff already stored _in_ a Conf by whatever means (including, in
particular, handling a user typing 'username@host.name' into the
Hostname box of the GUI session dialog box), this one deals with
handling argv entries and putting them into the Conf.

This isn't exactly a pure no-functional-change-at-all refactoring. On
the other hand, it isn't a full-on cleanup that completely
rationalises all the user-visible behaviour as well as the code
structure. It's somewhere in between: I've preserved all the behaviour
quirks that I could imagine a reason for having intended, but taken
the opportunity to _not_ faithfully replicate anything I thought was
clearly just a bug.

So, for example, the following inconsistency is carefully preserved:
the command 'plink -load session nextword' treats 'nextword' as a host
name if the loaded session hasn't provided a hostname already, and
otherwise treats 'nextword' as the remote command to execute on the
already-specified remote host, but the same combination of arguments
to GUI PuTTY will _always_ treat 'nextword' as a hostname, overriding
a hostname (if any) in the saved session. That makes some sense to me
because of the different shapes of the overall command lines.

On the other hand, there are two behaviour changes I know of as a
result of this commit: a third argument to GUI PuTTY (after a hostname
and port) now provokes an error message instead of being silently
ignored, and in Plink, if you combine a -P option (specifying a port
number) with the historical comma-separated protocol selection prefix
on the hostname argument (which I'd completely forgotten even existed
until this piece of work), then the -P will now override the selected
protocol's default port number, whereas previously the default port
would win. For example, 'plink -P 12345 telnet,hostname' will now
connect via Telnet to port 12345 instead of to port 23.

There may be scope for removing or rethinking some of the command-
line syntax quirks in the wake of this change. If we do decide to do
anything like that, then hopefully having it all in one place will
make it easier to remove or change things consistently across the
tools.
2017-12-07 20:13:33 +00:00
Geoff Winkless
81345e9a82 ctrl-shift-page-up/down to top or bottom of scrollback
Just a small patch, that I find really useful.
2017-12-03 15:35:40 +00:00
Simon Tatham
247d1b9b78 Unix PuTTY: add missing call to prepare_session.
Now 'putty user@host' will do what you wanted on Unix the same way it
always has on Windows.

(Thanks to Geoff Winkless for pointing out this inconsistency. I've
redone his actual patch my way, but he should still be credited for
the inspiration!)
2017-12-03 15:35:02 +00:00
Simon Tatham
e3796cb779 Factor out common pre-session-launch preparation.
A more or less identical piece of code to sanitise the CONF_host
string prior to session launch existed in Windows PuTTY and both
Windows and Unix Plink. It's long past time it was centralised.

While I'm here, I've added a couple of extra comments in the
centralised version, including one that - unfortunately - tries _but
fails_ to explain why a string of the form "host.name:1234" doesn't
get the suffix moved into CONF_port the way "user@host" moves the
prefix into CONF_username. Commit c1c1bc471 is the one I'm referring
to in the comment, and unfortunately it has an unexplained one-liner
log message from before I got into the habit of being usefully
verbose.
2017-12-03 14:54:49 +00:00
Simon Tatham
46cf862c31 Knock off another refactoring from the OS X to-do list.
Stopping dialog boxes from being modal is now done; post_main() is
defunct; nothing left in gtkwin.c does an inappropriate whole-process
termination in response to a window-level error or closure condition.

(There is still modalfatalbox(), but that's not an _inappropriate_
process termination.)
2017-11-27 20:45:14 +00:00
Simon Tatham
032a9da179 Remove one last stray process exit().
This one's in frontend_keypress(), which is supposed to close the
window on the first keypress after the session inside it terminates
(that is, if your close-on-exit settings haven't made it close already
at that point).

It looks to me as if that behaviour doesn't currently _work_, and
hasn't worked for quite a while (certainly it was broken as of 0.70,
well before I started on this weekend's refactoring), because when the
session terminates we delete inst->ldisc and that's what would
otherwise be calling frontend_keypress. I should probably decide what
to do about that at some point. But for the moment, I'm satisfied to
simply not break this functionality any worse by making it not a
process-global exit :-)
2017-11-27 20:45:14 +00:00
Simon Tatham
4b8baed84a GTK: fix the exit(1) response to startup-time font errors.
For gtkapp-based tools that will have to stop being a program-fatal
error, so I've turned it into a function called window_setup_error
(which I could in principle reuse for other problems in the long and
tortuous progress of new_session_window), and kept the original
handling in gtkmain.c's implementation of that function while gtkapp.c
does something more sensible with a message box.
2017-11-27 20:45:14 +00:00
Simon Tatham
ba55b228a3 Move gtkwin.c's cmdline_error() into gtkmain.c.
Not all gtkwin-based tools use it. Only the ones with one session per
process, which parse a command line describing that session and might
reasonably want to report errors in that command line by writing to
standard error and exiting the program.

In other words, precisely the ones that link in gtkmain.c and not
gtkapp.c. So gtkmain.c is a more sensible place to put that
error-reporting function.
2017-11-27 20:45:14 +00:00
Simon Tatham
61f3e3e299 GTK: handle synchronous connection-setup failures sensibly.
This was one of a handful of remaining places in gtkwin.c where exit()
is called incautiously. Of course, a failure to set up one SSH
connection should only be fatal to that connection, not the whole
process, so really we should be feeding into the connection_fatal
system.
2017-11-27 20:21:22 +00:00
Simon Tatham
71b00097dd Remove the post_main() mechanism.
This existed in order to avoid the various confusions that could
happen if a toplevel callback ran in the context of a subsidiary
instance of gtk_main(). Now there aren't any subsidiary gtk_main
instances any more, this mechanism is no longer needed, and I can
throw it out. It was horrible anyway.
2017-11-26 20:03:12 +00:00
Simon Tatham
ef6e38d8eb Remove the modal message_box function completely.
Now there's nothing left that calls it, it's obsolete.
2017-11-26 20:02:00 +00:00
Simon Tatham
57ceac8f1d Fix stale-pointer bugs in connection-fatal network errors.
I think these began to appear as a consequencce of replacing
fatalbox() calls with more sensible error reports: the more specific a
direction I send a report in, the greater the annoying possibility of
re-entrance when the resulting error handler starts closing stuff.
2017-11-26 19:59:27 +00:00
Simon Tatham
3e24bb610d Make connection_fatal() nonmodal.
This change requires me to break up the general cleanups in
delete_inst() into two halves: one runs when the error message box is
created, and cleans up the network connection and all the stuff
associated with it, and the other runs when the error message is
dismissed and the window can actually close.
2017-11-26 19:59:24 +00:00
Simon Tatham
813c380470 Make nonfatal() nonmodal.
This one was completely trivial, except that while I was at it, I took
the opportunity to put the right program name in the window title.
2017-11-26 17:57:26 +00:00
Simon Tatham
4f3f4ed691 Get rid of fatalbox() completely.
It's an incoherent concept! There should not be any such thing as an
error box that terminates the entire program but is not modal. If it's
bad enough to terminate the whole program, i.e. _all_ currently live
connections, then there's no point in permitting progress to continue
in windows other than the affected one, because all windows are
affected anyway.

So all previous uses of fatalbox() have become modalfatalbox(), except
those which looked to me as if they shouldn't have been fatal in the
first place, e.g. lingering pieces of error handling in winnet.c which
ought to have had the severity of 'give up on this particular Socket
and close it' rather than 'give up on the ENTIRE UNIVERSE'.
2017-11-26 17:43:02 +00:00
Simon Tatham
d1f62c3e0f Make the Licence message box non-modal. 2017-11-26 17:32:01 +00:00
Simon Tatham
a8e9fd7860 Reimplement 'really close session?' as a non-modal message box.
I've also moved it out into gtkwin.c, because it seemed easier to do
the 'find existing instance of this dialog and raise it' dance there
than to split it across source files pointlessly.
2017-11-26 17:21:32 +00:00
Simon Tatham
71ed04dbc3 Make the GTK font setup error box non-modal.
That was the last (in fact, the only) call to the modal version of
message_box() outside gtkdlg.c, so I can remove it from the header
file.
2017-11-26 17:07:47 +00:00
Simon Tatham
8b0d460578 Replace dlg_error_message() with a non-modal message box.
Apart from the specific benefit of non-modality, this also makes it a
lot simpler compared to the previous code! I'm not completely sure why
I wasn't using the standard gtkdlg.c message box system all along.
2017-11-26 17:05:51 +00:00
Simon Tatham
b6ed82321c Make the askappend() prompt non-modal.
This fits into a new dialog-box slot (because it might have to come up
at the same time as a network prompt), and makes use of the existing
callback system in logging.c which buffers the logging data until the
user says what they want done with it.
2017-11-26 16:56:03 +00:00
Simon Tatham
86741a1b09 Expand the dialog registering/unregistering system.
Now it has several 'slots', each named for a particular class of
subsidiary dialog box that a session window can have at most one of,
and register_network_prompt_dialog has a more general name and takes
an enum-typed argument identifying a slot. This lets me avoid writing
a zillion annoyingly similar function pairs and corresponding snippets
of cleanup code in delete_inst.
2017-11-26 16:51:19 +00:00
Simon Tatham
f212e2cbea Change order of cleanup in delete_inst.
If you close a session window with an associated SSH back end, the
back end may call back to notify_remote_exit() from ssh_free(), which
queues a new top-level callback citing the inst structure we were
about to delete.

We could fix this by introducing a special 'moribund' flag which
inhibits notify_remote_exit from queueing a callback, but far easier
is to move the delete_callbacks_for_context() call to _after_ all
subsidiary things have been cleaned up, so that any last-minute
callbacks they might schedule will be promptly unscheduled again
before they do any damage.
2017-11-26 15:38:35 +00:00
Simon Tatham
199f381aa9 Make GTK askalg() and askhk() non-modal.
This follows exactly the same pattern as for verify_ssh_host_key, but
the results of the dialog box are simpler (a plain yes-no response),
so the two dialog types can share a callback.
2017-11-26 15:20:46 +00:00
Simon Tatham
624f5b7d47 Make the GTK host-key verification box non-modal.
I've switched it to using the new non-modal create_message_box, and
provided a callback function which handles the cleanup afterwards.

I had expected this to be a lot more work, because I'd imagined that
I'd have to contort the coroutines in ssh.c to give them the ability
to wait for an asynchronously delivered result from that user prompt.
But in fact that wasn't necessary, because just such a mechanism has
been sitting there unused since commit 8574822b9 in 2005, when I added
it as part of my _previous_ attempt to write an OS X front end! (The
abandoned one written in native ObjC + Cocoa.)
2017-11-26 15:20:46 +00:00
Simon Tatham
671267f44b GTK: system for not leaving stale network prompt dialogs.
When I switch verify_ssh_host_key() and friends over to creating
non-modal message boxes and returning to the main loop, there will be
a risk that their parent window will need to close for some other
reason while the user hasn't answered the pending question yet. (E.g.
if the user presses the main session window's close button, which will
no longer be a prohibited UI action once the transient dialog is not
modal.)

At that point we need to get rid of the pending dialog box, both for
UI purposes (it would look silly and be confusing to leave it lying
around) and for memory management (if the user subsequently clicks OK
in such a dialog it would probably try to leave its result somewhere
stale).

So now there's a mechanism for gtkwin.c remembering what the current
'network prompt dialog' is, if any (in which category I intend to
include everything triggered from ssh.c's various reasons for asking
crypto-related questions), and cleaning it up when the struct gui_data
it belongs to goes away.
2017-11-26 15:20:00 +00:00
Simon Tatham
946405341f Fix a cleanup issue in dlgparam_destroy.
If a dialog box is destroyed by the program before the user has
pressed one of the result-delivering buttons - e.g. because the parent
window closes so the dialog is no longer relevant to anything anyway -
then dlgparam_destroy would never call the client code's provided
callback. That makes sense in terms of the callback wanting to _take
action_ based on the result of the dialog box, but it ignores the
possibility that the callback may simply need to free its own context
structure.

So now dlgparam_destroy always calls the client's callback, even if
the result it passes is negative (meaning 'the user never got round to
pressing any of the dialog-ending buttons'), and all the existing
client callbacks handle the negative-result case by doing nothing
except freeing any allocated memory they might have.
2017-11-26 15:19:11 +00:00
Simon Tatham
46ba9de2c2 Introduce a non-modal create_message_box().
This does the bulk of the work previously done by message_box()
proper, but takes a pointer to a result-reporting callback function
identical to the one we pass to create_config_box().

The modal version of message_box() still exists and is a small wrapper
on this function, running its own subsidiary gtk_main() loop which the
result callback terminates. But now I can start switching over
individual uses of message_box() to the non-modal version, and when
that's done, remove the modal function completely.
2017-11-26 15:19:11 +00:00
Simon Tatham
2d289a9970 Make the GTK message-box function non-variadic.
Now, in place of a variadic argument list with four parameters per
button and a terminating NULL, it takes a pointer to a struct which in
turn contains an (array,length) pair of small per-button structures.

In the process I've renamed the function from messagebox() to
message_box(). Partly that was just because it gave me a convenient
way to search the source for calls I hadn't converted yet, but also
I've thought for a while that that missing underscore didn't really
match the rest of my naming.

NFCI. Partly this minor refactor has the virtue that we can reuse the
more common button layouts without having to type them in at multiple
places in the code (and, indeed, I've provided buttons_yn and
buttons_ok for easy reuse, and could easily provide other things like
yesnocancel any time I need them). But mostly it's because I'm about
to split up message_box into multiple functions, and this saves me the
hassle of deciding which ones to make variadic and which to pass an
actual va_list to - particularly since messagebox() used to go over
its variadic argument list twice, which always makes delegating it to
another function that much more annoying.
2017-11-26 14:05:02 +00:00
Simon Tatham
7891cb1ac1 Remove an item from gtkapp.c's OS X TODO comment.
The last few changes between them have fixed the problem of windows
not closing properly when their sessions terminated. The problem was
really more than one problem - pterm session termination wasn't even
detected due to the missing SIGCHLD handler, window-closing wasn't
done explicitly due to exit_callback() just calling gtk_main_quit
instead of a proper gtk_widget_destroy(), and that in turn wouldn't do
quite the right thing without the g_application_{hold,release} system
which I added in gtkapp.c as part of the non-model config box rework.

Now that all of those are fixed, things seem to be working sensibly;
the OS X Pterm.app and PuTTY.app, and the ordinary X GTK ptermapp and
puttyapp too, now allow windows to be closed independently of each
other, close them automatically in the right way, and automatically
terminate the whole application when the last window is gone.

So I can clean up that TODO item, including its handwavy 'need to work
out some kind of mechanism'. Some kind of mechanism has now been
worked out, and given that there turned out to be a whole cluster of
interacting structural issues, no wonder I wasn't _quite_ sure what it
ought to be!
2017-11-26 11:58:05 +00:00
Simon Tatham
817e4ad2dd Make the configuration dialog non-modal.
Now every call to do_config_box is replaced with a call to
create_config_box, which returns immediately having constructed the
new GTK window object, and is passed a callback function which it will
arrange to be called when the dialog terminates (whether by OK or by
Cancel). That callback is now what triggers the construction of a
session window after 'Open' is pressed in the initial config box, or
the actual mid-session reconfiguration action after 'Apply' is pressed
in a Change Settings box.

We were already prepared to ignore the re-selection of 'Change
Settings' from the context menu of a window that already had a Change
Settings box open (and not accidentally create a second config box for
the same window); but now we do slightly better, by finding the
existing config box and un-minimising and raising it, in case the user
had forgotten it was there.

That's a useful featurelet, but not the main purpose of this change.
The mani point, of course, is that now the multi-window GtkApplication
based front ends now don't do anything confusing to the nesting of
gtk_main() when config boxes are involved. Whether you're changing the
settings of one (or more than one) of your already-running sessions,
preparing to start up a new PuTTY connection, or both at once, we stay
in the same top-level instance of gtk_main() and all sessions' top-
level callbacks continue to run sensibly.
2017-11-26 11:58:02 +00:00
Simon Tatham
94a2904ab6 GTK: add a delete_inst() function to clean up a gui_data.
This has been logically necessary in principle for ages, but we got
away without it because we just exited the program. But in the multi-
window GtkApplication front ends, we can't get away with that for
ever; we need to be able to free _one_ of our 'struct gui_data'
instances and everything dangling off it (or, at least, everything
that GTK's reference counting system doesn't clean up for us), without
also doing anything global to the process in which that gui_data is
contained.
2017-11-26 11:50:49 +00:00
Simon Tatham
99bdaa7752 gtkapp.c: fix a copy-paste error in stub main().
Apparently I copied that rather too literally from osxlaunch.c, where
the text about OS X and 'launcher' made more sense. The stub main in
gtkapp.c has nothing to do with launchers and OS X, so I've corrected
the wording to say that a completely different thing won't work in
completely different circumstances :-)
2017-11-26 11:45:53 +00:00
Simon Tatham
b6b91b8e17 OS X makefile: stop depending on JHBUILD_PREFIX.
People who use a packaging system other than jhbuild still ought to be
able to run the OS X GTK3 build, so now the gtk-mac-bundler command
finds out the locations of things by a more portable method.

(I've had this change lurking around uncommitted in a working tree for
a while, and only just found it in the course of doing other OS X-
related work. Oops.)
2017-11-26 11:45:48 +00:00
Simon Tatham
5b13a1b015 Add a missing conf_copy in gtkapp's Duplicate Session.
Without this, the Conf objects in a session and its duplicate were
aliases of each other, which could lead to confusing semantic effects
if one of the sessions was reconfigured in mid-run, and worse still, a
crash if one session got cleaned up and called conf_free on a Conf
that the other was still using.

None of that was intentional; it was just a matter of forgetting to
clone the Conf for the duplicated session. Now we do.
2017-11-26 11:44:21 +00:00
Simon Tatham
116dac29cc Reinstate the SIGCHLD handler in ptermapp.
Detecting that the child process in a pterm has terminated is
important for _any_ kind of pterm, so it's a mistake to put the signal
handler setup _solely_ inside the optional pty_pre_init function which
does the privileged setup and forks off a utmp watchdog process. Now
the signal handler is installed even in the GtkApplication-based
multi-window front end to pterm, meaning it will exist even on OS X.
2017-11-26 11:42:22 +00:00
Simon Tatham
c74d1e3c6a GTK1 runtime fix: widen extent of ignore_sbar.
ignore_sbar is a flag that we set while manually changing the
scrollbar settings, so that when those half-finished changes trigger
GTK event callbacks, we know to ignore them, and wait until we've
finished setting everything up before actually updating the window.
But somehow I had managed to leave the functions that actually _have
the effect_ (at least in GTK1) outside the pair of statements that set
and unset the ignore flag.

The effect was that compiling pterm for GTK1, starting it up, and
issuing a command like 'ls -l' that scrolls off the bottom of the
window would lead to the _top_ half of the ls output being visible,
and the scrollbar at the top of the scrollback rather than the bottom.
2017-11-26 11:40:01 +00:00
Simon Tatham
9909077be1 Make the current code compile again under GTK1.
Apparently I haven't tested this compile mode in a while: I had a
couple of compile errors due to new code not properly #ifdeffed (the
true-colour mode has to be effectively disabled in the palette-based
GTK1 graphics model) and one for an unused static function
(get_monitor_geometry is only used in GTK2 and above, and with -Werror
that means I mustn't even _define_ it in GTK1).

With these changes, I still didn't get a clean compile unless I also
configured CFLAGS=-std=gnu89, due to the GTK1 headers having an
outdated set of ifdefs to figure out the compiler's semantics of
'inline'. (They seem to expect old-style gcc, which inconveniently
treats 'inline' and 'extern inline' more or less the opposite way
round from the version standardised by C99.)
2017-11-26 11:37:07 +00:00
Simon Tatham
f1eeeff8cf Memory leak: add a columns_finalize() method.
My custom GTK layout class 'Columns' includes a linked list of
dynamically allocated data, and apparently I forgot to write a
destructor that frees it all when the class is deallocated, and have
never noticed until now.
2017-11-26 11:36:00 +00:00
Simon Tatham
4d15d46473 Memory leak: free conn->retbuf in uxagentc.c.
While debugging some new code, I ran valgrind in leak-checking mode
and it pointed out a handful of existing memory leaks, which got in the
way of spotting any _new_ leaks I might be introducing :-)

This was one: in the case where an asynchronous agent query on Unix is
aborted, the dynamically allocated buffer holding the response was not
freed.
2017-11-26 11:32:34 +00:00
Jeff Smith
7bdfdabb5e Update clipping interface for true-colour 2017-10-19 18:25:29 +01:00
Simon Tatham
916a2574d5 Make reverse video interact correctly with true colour.
ATTR_REVERSE was being handled in the front ends, and was causing the
foreground and background colours to be switched. (I'm not completely
sure why I made that design decision; it might be purely historical,
but then again, it might also be because reverse video is one effect
on the fg and bg colours that must still be performed even in unusual
frontend-specific situations like display-driven monochrome mode.)

This affected both explicit reverse video enabled using SGR 7, and
also the transient reverse video arising from mouse selection. Thanks
to Markus Gans for reporting the bug in the latter, which when I
investigated it turned out to affect the former as well.
2017-10-08 14:05:12 +01:00
Simon Tatham
1a718403d4 Support SGR 2 to dim the foreground colour.
I've done this on a 'where possible' basis: in Windows paletted mode
(in case anyone is still using an old enough graphics card to need
that!) I simply haven't bothered, and will completely ignore the dim
flag.
2017-10-05 21:13:58 +01:00
Simon Tatham
4743798400 Support OSC 4 terminal colour-palette queries.
Markus Gans points out that some applications which (not at all
unreasonably) don't trust $TERM to tell them the full capabilities of
their terminal will use the sequence "OSC 4 ; nn ; ? BEL" to ask for
the colour-palette value in position nn, and they may not particularly
care _what_ the results are but they will use them to decide whether
the right number of colour palette entries even exist.
2017-10-05 21:05:03 +01:00
Simon Tatham
262376a054 Make the cursor colour override true colour.
Otherwise, moving the cursor (at least in active, filled-cell mode) on
to a true-coloured character cell causes it to vanish completely
because the cell's colours override the thing that differentiates the
cursor.
2017-10-05 21:05:02 +01:00
Simon Tatham
1adf211d70 Disable true colour on monochrome or paletted displays.
I'm not sure if any X11 monochrome visuals or Windows paletted display
modes are still around, but just in case they are, we shouldn't
attempt true colour on either kind of display.
2017-10-05 21:04:24 +01:00
Simon Tatham
f813e9f937 uxnet.c: don't close a socket's fd if it is -1.
This is harmless in principle (you just get EBADF back from close(2)
and ignore it), but it leads to warnings in valgrind.
2017-10-01 21:10:31 +01:00
Simon Tatham
a4cbd3dfdb Support ESC[38;2;R;G;Bm for 24-bit true colour.
This is a heavily rewritten version of a patch originally by Lorenz
Diener; it was tidied up somewhat by Christian Brabandt, and then
tidied up more by me. The basic idea is to add to the termchar
structure a pair of small structs encoding 24-bit RGB values, each
with a flag indicating whether it's turned on; if it is, it overrides
any other specification of fg or bg colour for that character cell.

I've added a test line to colours.txt containing a few example colours
from /usr/share/X11/rgb.txt. In fact it makes quite a good demo to run
the whole of rgb.txt through this treatment, with a command such as

  perl -pe 's!^\s*(\d+)\s+(\d+)\s+(\d+).*$!\e[38;2;$1;$2;$3m$&\e[m!' rgb.txt
2017-09-30 18:19:44 +01:00
Ion Gaztañaga
309c3dfd95 Add -share -noshare command line option to plink to share SSL connections. 2017-07-08 09:28:20 +01:00
Ilya Shipitsin
3f2df8cc9d resolve (no real impact) issue found by cppcheck:
[unix/osxlaunch.c:411]: (error) Memory leak: macos
[unix/osxlaunch.c:411]: (error) Memory leak: contents
[unix/osxlaunch.c:411]: (error) Memory leak: new_argv
2017-06-19 21:42:16 +05:00
Ilya Shipitsin
4387b5f161 resolve an issue found by cppcheck:
[unix/osxlaunch.c:133] -> [unix/osxlaunch.c:134]: (warning) Either the condition '!qhead' is redundant or there is possible null pointer dereference: qhead.
2017-06-19 20:57:28 +05:00
Simon Tatham
f31a72ba09 Unix: use conf_dest() in 'unable to open connection' error box.
Alamy Liu points out that asking for CONF_host will display the wrong
part of the configuration in the case where serial port setup fails.
The Windows front end's analogous message already got this right, but
I must have forgotten to change this one too when I introduced
conf_dest.
2017-06-10 17:53:49 +01:00
Jacob Nevins
12bd5a6c72 Stop Gtk2 builds exploding on scroll wheel events.
More fallout from 64221972c.
2017-05-20 12:44:56 +01:00
Ben Harris
0d57b8a4d9 Make plug receive and closing functions return void instead of int.
Nothing was paying attention to their return values any more anyway.
2017-05-14 16:34:48 +01:00
Ben Harris
d56496c31c unix: make uxsel callback functions return void.
Nothing used their return values anyway.  At least, not after the
previous commit.
2017-05-14 16:34:48 +01:00
Ben Harris
30cdaa7ca8 unix: make select_result() return void.
Nothing was using its return value anyway.
2017-05-14 16:34:48 +01:00
Ben Harris
95f81227a2 uxplink: remove the "connopen" variable.
It had the constant value 1 everywhere that it was read.
2017-05-14 16:34:48 +01:00
Jacob Nevins
b566c5f125 Add a cast to fix a warning.
This fixes compilation with Gtk 2 with -Werror. Problem introduced by
64221972c.
2017-04-30 12:06:17 +01:00
Zero King
230f7d5628 Fix thinko introduced in 8833634f4.
This prevented compilation with Gtk 2.
2017-04-30 11:01:13 +01:00
Simon Tatham
687efc3a5d Change Cairo image surface type from RGB24 to ARGB32.
This seems to work around a GTK 3.22 display bug that Colin Watson and
I have both observed on Ubuntu (though I found that proxying the X
server, e.g. by SSH X forwarding or xtruss, inhibited the bug). The
effect of the bug was that the terminal window would appear completely
black and nothing would ever be displayed in it, though the terminal
session was still actually running and keystrokes would be sent to it.

But changing the call to cairo_set_source_surface() to some other
cairo_set_source_foo caused successful drawing of whatever other
source I selected; the problem seemed specific to the image surface.
Also, when I popped up the Ctrl-right-click menu over the terminal
window, the menu didn't disappear when dismissed, i.e. the drawing
area's redraw operation was not drawing in black, but failing to draw
_anything_.

That led me to hypothesise that the draw event handler for the
terminal drawing area might somehow be accidentally inventing 0 rather
than 255 for the implicit alpha channel when using our RGB-type image
surface as a source; so I tried setting the surface type to one with
an explicit alpha channel in the hope that there would no longer be a
need to make up any alpha value at all. And indeed, that seems to
solve the problem for me, so I might as well commit it.

However, I don't know the full details of what the previous problem
was, so this is only an empirical workaround. If it turns out I was
making some other mistake without which a RGB source surface would
have worked for me, then I should probably revert this and do whatever
other fix turns out to be a better plan.
2017-03-07 23:13:05 +00:00
Simon Tatham
af08a7a3b1 Replace deprecated gtk_window_set_wmclass with raw Xlib.
Calling gtk_widget_realize to enforce the existence of an underlying
GdkWindow, followed by gdk_window_ensure_native to enforce an
underlying X window in turn, allows me to get hold of an X window id
on which I can call the Xlib function for setting WM_CLASS, still
before the window is mapped.

With this change, plus Colin's preceding patches, the whole code base
_actually_ compiles and links against GTK 3.22 without any deprecation
warnings. (My claim in commit 8ce237234 that it previously did appears
to have been completely wrong - my guess is that I'd forgotten to
'make clean' before testing against 3.22 and so some source files had
already been compiled against earlier GTK headers.)
2017-03-07 23:13:05 +00:00
Colin Watson
921afd3716 Handle deprecation of gdk_screen_{width,height}
GTK+ 3.22 deprecates gdk_screen_{width,height} on the grounds that the
"screen" here actually refers to a virtual screen that may span multiple
monitors, and applications should generally be considering the width and
height of individual monitors.  It's not entirely clear to me how this
fits with X geometry specifications, but I've gone with trying to get
hold of the geometry of the monitor that the window in question is on.
2017-03-07 23:13:05 +00:00
Colin Watson
8833634f47 Use CSS to set window backgrounds with GTK+ 3
gdk_window_set_background was already deprecated, but with GTK+ 3.22
even gdk_window_set_background_rgba is deprecated, so we need a better
approach.  The best seems to be to go with the flow and inject a custom
CSS style for the appropriate widgets.
2017-03-07 23:13:05 +00:00
Colin Watson
64221972c0 Handle deprecation of gtk_menu_popup
GTK+ 3.22 deprecates gtk_menu_popup in favour of various
gtk_menu_popup_at_* functions.  gtk_menu_popup_at_pointer seems most
appropriate, but that requires being able to pass it a GdkEvent rather
than just some elements of it.  In order to achieve that, I've
rearranged the scroll_event shim to construct a real GdkEventButton and
pass that down to button_internal.
2017-03-07 23:13:05 +00:00
Simon Tatham
8ce2372348 Handle GTK 3.22's deprecation of gdk_cairo_create().
Now the whole code base compiles and links successfully against 3.22.
2017-02-27 19:58:39 +00:00
Leonid Lisovskiy
7a0a404eb8 GTK2: Return 2.20 compatibility back
Minimal version of gtk+ 2.24 required to compile PuTTY
after GTK3 prep commits. Provide more compatibility macroses
to allow build against gtk+ 2.20.

Signed-off-by: Leonid Lisovskiy <lly.dev@gmail.com>
2017-02-23 20:03:01 +00:00
Simon Tatham
3f29d939ee Unix buildinfo: stop saying 'GTK' in pure CLI utilities.
Unix PSCP, PSFTP, Plink and PuTTYgen now just report their build
platform as '64-bit Unix' or '32-bit Unix', without mentioning
irrelevant details of what flavour of GTK the other tools in the suite
might have been built against.

(In particular, they now won't imply anything outright untrue if there
was no GTK present at build time at all!)
2017-02-22 22:10:05 +00:00
Simon Tatham
86b604dd65 uxproxy: fix write error handling on outgoing pipe.
Jacob pointed out the other day that the call to logevent with NULL
frontend handle can't possibly work, and the comment next to it saying
that it can is an outright lie (probably thoughtlessly copied from
some part of the Windows front end, where it actually would be true).
Furthermore, even if that logevent call didn't dereference NULL and
segfault, the followup call to fatalbox() would be inappropriate,
since proxied connections need not be the primary network connection
of the whole process.

Rewritten as a call to plug_closing, which is the proper channel
through which to report errors on an individual socket or equivalent.
2017-02-22 21:51:03 +00:00
Owen Dunn
52a4ccad27 Return zero when reporting our version.
When called with -V to ask for our version, return 0 rather than 1.
This is the usual behaviour observed by ssh(1) and other Unix commands.
Also use exit() rather than cleanup_exit() in pscp.c and psftp.c ; at
this point we have nothing to cleanup!
2017-02-15 20:54:10 +00:00
Simon Tatham
fb839a27fb Include the compile-time GTK version in the build info.
It's obvious to the trained eye whether GTK PuTTY was compiled against
GTK2 or GTK3, but the untrained eye would probably appreciate a little
help, and even the trained eye probably can't tell GTK 3.18 from 3.19
at a glance :-)
2017-02-15 19:32:42 +00:00
Simon Tatham
1266ac0e30 uxpgnt: correct control flow in find_key().
If we try to interpret a string argument as the name of a key file,
sometimes we it's in circumstances where we _know_ it's a key file, so
we must print an error message and return failure if the file can't be
loaded. Other times it's not, and we just fall back to interpreting
the argument in some other way (e.g. as a pattern match against the
comment or fingerprint of a key already in the agent).

My code dealing with failure returns from the public-key loading
functions were mishandling the latter case, if they identified a file
as existing and looking more or less like some kind of key file but
then it turned out to have a format error; they would try to copy and
return a public key that they didn't actually have. Even if
pageant_pubkey_copy avoided crashing as a result, this would still
inhibit the fallback to treating the input string as some other kind
of pattern match.
2017-02-15 05:47:16 +00:00
Simon Tatham
bec33b2311 Properly check the lengths of Unix-socket pathnames.
If something is too long to fit in a sun_addr, we should spot that
well in advance and not try.
2017-02-14 23:25:26 +00:00
Simon Tatham
2247065d0f Put in some explicit null-pointer checks.
I think these were not strictly necessary, since passing a null
pointer to access(2) would have resulted in EINVAL rather than a
segfault. But it's clearer to put them in (and keeps static checkers a
bit happier).
2017-02-14 23:25:25 +00:00
Simon Tatham
b6b52269e1 uxpgnt: fix an uninitialised structure field in find_key().
Thanks, Coverity - I must have been lucky that Unix Pageant in client
mode hasn't so far happened to have this field come out non-NULL, or
else pageant_pubkey_copy would have tried to dupstr a garbage pointer.
2017-02-14 23:25:25 +00:00
Simon Tatham
12a080874f Add an assortment of missing frees and closes.
Coverity's resource-leak checker is on the ball as usual.
2017-02-14 22:14:25 +00:00
Jacob Nevins
b14c3443d3 Document -proxycmd in help and man pages.
Also, in the main documentation, note the hazard that backslashes in the
command argument must be doubled.
2017-02-11 23:03:46 +00:00
Jacob Nevins
7e9cb921f6 Add -c/-s to Unix 'pageant --help'. 2017-02-11 22:12:33 +00:00
Jacob Nevins
9a2730806c Log when -restrict-acl is in use.
Partly to reassure the user that they got what they asked for, and
partly so that's a clue for us in the logs when we get bug reports.

This involved repurposing platform_psftp_post_option_setup() (no longer
used since e22120fe) as platform_psftp_pre_conn_setup(), and moving it
to after logging is set up.
2017-02-11 00:44:00 +00:00
Simon Tatham
8923a1b488 Move declaration of frontend_is_utf8 into putty.h.
It's a function that exists on all platforms, not just on Unix - it's
used in ldisc.c - so it shouldn't have been declared only in unix.h.
Score another for clang's warnings.
2017-02-03 19:35:41 +00:00
Simon Tatham
eb2fe29fc9 Make asynchronous agent_query() requests cancellable.
Now, instead of returning a boolean indicating whether the query has
completed or is still pending, agent_query() returns NULL to indicate
that the query _has_ completed, and if it hasn't, it returns a pointer
to a context structure representing the pending query, so that the
latter can be used to cancel the query if (for example) you later
decide you need to free the thing its callback was using as a context.

This should fix a potential race-condition segfault if you overload an
agent forwarding channel and then close it abruptly. (Which nobody
will be doing for sensible purposes, of course! But I ran across this
while stress-testing other aspects of agent forwarding.)
2017-01-29 20:25:04 +00:00
Simon Tatham
769ce54734 Report the right address in connection setup errors.
backend_socket_log was generating the IP address in its error messages
by means of calling sk_getaddr(). But sk_getaddr only gets a SockAddr,
which may contain a whole list of candidate addresses; it doesn't also
get the information stored in the 'step' field of the Socket that was
actually trying to make the connection, which says _which_ of those
addresses we were in the middle of trying to connect to.

So now we construct a temporary SockAddr that points at the
appropriate one of the addresses, and use that for calls to plug_log
during connection setup.
2017-01-28 14:03:09 +00:00
Simon Tatham
b73c1c1deb Rework handling of asynchronous connect(2) errors on Unix.
If connect() returns EINPROGRESS, then previously we would detect a
successful connection by the socket becoming selectable for writing,
and spot an unsuccessful one by an error code being returned on the
first attempt to read from it.

This isn't the right way to do it: the right way is to respond to the
initial writability notification by calling getsockopt(SO_ERROR) to
retrieve the error code (if any) from the completed connection
attempt. Doing it the old way had the problem that when the socket
became writable, we could sometimes already have written some of our
outgoing data to it before finding out that the connect attempt failed
- which meant we'd discard that data from the bufchain, and no longer
have it to send through a later successful connection to a different
candidate address.
2017-01-28 14:03:09 +00:00
Tim Kosse
4548f22b38 Add error variable to loop condition
In case of connection errors before and during the handshake,
net_select_result is retrying with the next address of the server. It
however was immediately going to the last address as it was not
checking the return value of try_connect for all intermediate
addresses.
2017-01-28 14:03:09 +00:00
Simon Tatham
7e14730b83 Include 'build info' in all --version text and About boxes.
This shows the build platform (32- vs 64-bit in particular, and also
whether Unix GTK builds were compiled with or without the X11 pieces),
what compiler was used to build the binary, and any interesting build
options that might have been set on the make command line (especially,
but not limited to, the security-damaging ones like NO_SECURITY or
UNPROTECT). This will probably be useful all over the place, but in
particular it should allow the different Windows binaries to be told
apart!

Commits 21101c739 and 2eb952ca3 laid the groundwork for this, by
allowing the various About boxes to contain free text and also
ensuring they could be copied and pasted easily as part of a bug
report.
2017-01-21 14:55:53 +00:00
Simon Tatham
a76de8774b x11font: fix handling of high-bit-set SBCS characters.
I had mistakenly pulled a 'char' value out of a string and passed it
to x11_font_has_glyph and x11_char_struct, each of which takes its two
index bytes as int-typed parameters. But if chars are signed, that
turns high-bit-set characters into out-of-range array indices. Oops.

The range checks in x11_char_struct prevented that from causing any
problem worse than refusal to display any affected glyph. Even so,
that's not particularly helpful. Fixed by changing the index byte
parameters to unsigned char type.
2017-01-10 22:22:49 +00:00
Simon Tatham
e2452f3bd0 Add some missing checks for EINTR after select(2).
I noticed today that Unix Plink responds to SIGWINCH by accidentally
dying of EINTR having interrupted its main select loop, and when I
checked, there turn out to be a couple of other select loops with the
same bug.
2017-01-06 19:29:06 +00:00
Simon Tatham
5c390fceab Make the new ^< and ^> keystrokes add the class prefix.
The new font name configured by the keystrokes was missing its
"client:" or "server:" prefix, which could have led to the selection
of the wrong font in rare situations.
2016-11-16 22:02:54 +00:00
Simon Tatham
1a51771720 Unix PuTTY/pterm: Ctrl-< / Ctrl-> to change font size.
Each gtkfont back end now provides a routine that will return the name
of a similar font to the current one but one notch larger or smaller.
For Pango, this is just a matter of incrementing the font size field
in a standard way; for X11 server-side fonts, we have to go and do an
XListFonts query with a wildcard that requests fonts that vary only in
the size fields from the current one, and then iterate over the result
looking for the best one.

(I expect this will be more useful to Pango scalable-font users than
to X11 fonts, but it seemed a shame not to give the X11 side my best
shot while I was at it.)

Choice of hotkey: I know I'm being inconsistent with gnome-terminal's
use of Ctrl-plus and Ctrl-minus. I thought that was because I was
already using Ctrl-minus as a more convenient synonym for
Ctrl-underscore (which sends the actual control code 0x1F), but now I
actually try it, apparently I'm not. However, Ctrl-plus and Ctrl-minus
are quite horrible as a keystroke pair anyway (one has to be typed
with shift and one without!), and I feel as if the 'less' and
'greater' signs are more specific anyway, in that they specifically
indicate _size_ rather than just 'unspecified numerical value'.
2016-11-13 14:06:43 +00:00
Simon Tatham
d9c68d236b gtkfont: refactor parse/unparse of XLFDs.
There were already two places in the code (x11font_enum_fonts and
x11_guess_derived_font_name) where we retrieved an XLFD from the X
server, sawed it up ad-hoc into its '-'-separated parts and accessed
them by numeric index.

I'm about to add a third, so before I do, let's turn this into a
somewhat principled system where we get to do the decode/encode in
just one place and call all the individual fields by names that are
actually memorable.

No functional change intended by this commit.
2016-11-13 13:50:18 +00:00
Simon Tatham
c5ce372a36 Fix memory leak in the new make_dir_path().
Thanks to Jason Andryuk for promptly pointing it out.
2016-08-10 19:34:46 +01:00
Ondřej Lysoněk
9952b2d5bd Added support for the XDG specification
The XDG configuration location ($XDG_CONFIG_HOME/putty, or
~/.config/putty) is now prefered over the old ~/.putty location, if the
XDG location already exists. If it doesn't exist, we try to use one of
the old locations ($HOME/.putty, [/etc/passwd home]/.putty, /.putty). If
none of the directories exist, we fall back to ~/.config/putty or
~/.putty, if the XDG_DEFAULT macro is defined or not, respectively. The
PUTTYDIR environment variable remains a definitive override of the
configuration location. This all ensures that the old location is still
used, unless the user explicitly requests otherwise.

The configuration directories are created using the make_dir_path()
function, to ensure that saving the configuration doesn't fail e.g.
because of a non-existent ~/.config directory.
2016-08-08 20:37:07 +01:00
Simon Tatham
23a02f429c New Unix utility function to make a directory path.
Essentially 'mkdir -p' - we try to make each prefix of the pathname,
terminating on any error other than EEXIST. Semantics are similar to
make_dir_and_check_ours(): we return NULL on success or a dynamically
allocated error message string on failure.
2016-08-08 20:37:07 +01:00
Ben Harris
de52cc8597 Remove inaccurate comment about Unix getticks() function.
It's not always based on gettimeofday(); now it mostly uses
clock_gettime().
2016-05-17 13:07:36 +02:00
Jacob Nevins
4e3aa6572d Set SSH IUTF8 appropriately in Unix Plink. 2016-05-07 11:36:50 +01:00
Ben Harris
561f97874b May as well set FD_CLOEXEC on the signal pipe as well. 2016-05-01 18:13:03 +02:00
Ben Harris
30cf7371f3 Unix Plink: Set O_NONBLOCK on the SIGWINCH pipe.
This should avoid the possibility of the SIGWINCH handler's blocking
when trying to write to the pipe.  This could only happen if we'd
somehow received PIPE_BUF SIGWINCHes without reading the pipe, which
would be difficult to achieve.

While we're at it, also set O_NONBLOCK on the reading side of the pipe,
just in case.
2016-05-01 18:13:03 +02:00
Ben Harris
05e802d5fe uxcons: Don't try to include <sys/select.h> on systems that don't have it.
Also include <sys/time.h> for ancient systems that define select()
there.
2016-05-01 18:13:03 +02:00
Kylie McClain
4ae1577b43 uxcons: Fix on musl libc
musl libc exports FD_SET and friends in sys/select.h.
2016-04-29 19:42:59 +01:00
Ben Harris
b22c0b6f3e Set cfg.ssh_simple in Windows Plink when there are no forwardings.
Unix Plink had had this for ages, but for some reason I didn't add it to
Windows Plink at the same time.
2016-04-15 23:11:59 +01:00
Simon Tatham
2c37bfca42 GTK 3: tweak margin below the gtkask drawing areas.
A side effect of commit 1f9df706b seems to have been to squash those
areas right up against the bottom of the dialog box, which is ugly. I
don't fully understand why it only happens to those drawing areas and
not to buttons placed in the fake 'action area' by other dialogs, but
anyway, adding an explicit margin-bottom attribute seems to solve it.
2016-04-04 11:52:01 +01:00
Simon Tatham
4f904fcd15 Account for GtkApplicationWindow menu bar in geometry hints.
This is another widget that can appear in the top-level window, in
addition to the drawing area and scrollbar we put there ourselves, and
hence which needs to be accounted for when figuring out the
relationship between the drawing area size in character cells and the
full window size in pixels.

Finding the menu bar widget itself is a bit of a hassle, but having
found it, dealing with it is basically the same as dealing with the
scrollbar, only with x and y swapped.
2016-04-04 11:37:07 +01:00
Simon Tatham
8fd67a9c46 GTK: stop using gtk_window_parse_geometry.
This function, which parses the X11-style '-geometry WxH+X+Y' option
argument and automatically loads the result into the window, is also
being deprecated.

Fortunately we already had a fallback option for GTK1 (which didn't
have gtk_window_parse_geometry in the first place), calling the Xlib
geometry-parsing function and manually loading the results into GTK.
The method of loading into GTK is not the same between the two
versions, but the basic strategy is still viable.

For the sake of maintaining and testing fewer ifdef branches, I've
removed the use of gtk_window_parse_geometry _completely_, even in
GTK2 which did have it. GTK2 now uses the same strategy that I've
switched to for GTK3.
2016-04-04 11:37:07 +01:00
Simon Tatham
4ba7ff006a GTK: stop using geometry-based window sizing functions.
gtk_window_resize_to_geometry and gtk_window_set_default_geometry are
deprecated as of GTK 3.20, so now we do the geometry -> pixel size
conversion on our side.
2016-04-04 11:24:24 +01:00
Simon Tatham
a7befbf40e GTK: split out the computation part from set_geom_hints.
This is preparation for dealing with the fact that GTK's geometry-
based API routines for setting the window size are being deprecated:
we'll no longer be able to specify a width/height in characters and
have GTK convert that into a pixel size based on the geometry hints
we'd already fed it. So we'll need to do that conversion ourselves,
and the easiest approach is to make it easy to recompute the geometry
hints on our side whenever we need them.
2016-04-04 11:23:25 +01:00
Simon Tatham
169a3d2457 GTK 3.20 compatibility: switch to gdk_seat_grab.
gdk_device_grab and all its preparatory faff are now deprecated, and
gdk_seat_grab is the new thing. Introduce yet another branch to all
the ifdefs for keyboard-grabbing. On the plus side, at least it's
slightly simpler than the GdkDevice business.
2016-04-04 11:21:54 +01:00
Simon Tatham
c2c22fb16a Compile fix for GTK 3.18: avoid gtk_adjustment_changed().
That function is deprecated as of 3.18, on the basis that GTK doesn't
need telling any more when the adjustment's owning widget needs
updating. So we just need to condition out the call.
2016-04-03 10:10:40 +01:00
Simon Tatham
b0b5d5fbe6 Extend ACL-restriction to all Windows tools.
Protecting our processes from outside interference need not be limited
to just PuTTY: there's no reason why the other SSH-speaking tools
shouldn't have the same treatment (PSFTP, PSCP, Plink), and PuTTYgen
and Pageant which handle private key material.
2016-04-02 08:00:07 +01:00
Simon Tatham
435b29da88 cmdgen: option to specify the random number device to use.
E.g. you might pass '--random-device=/dev/urandom'.

Mostly because I got sick of waiting for /dev/random to finish
blocking while I was trying to generate throwaway keys for testing bug
fixes in cmdgen itself. But it might also be useful on systems that
call their random device by a different name that we haven't
encountered.

(Since cmdgen also reads the saved PuTTY random seed file, setting
this option to /dev/zero will not render key generation deterministic.
It's tempting to provide _some_ way to do that, for testing purposes
and clearly marked as dangerous of course, but I think it would take
more faff than this.)
2016-03-30 08:30:40 +01:00
Simon Tatham
ad87950539 Rework window geometry to avoid using geometry_widget.
Partly this is because the geometry_widget functionality is going away
in a later version of GTK3, so sooner or later we'll need not to be
using it anyway. But also, it turns out that GTK 3's geometry
calculations have the unfortunate effect of setting the window's base
and min heights to values that are not congruent mod height_increment
(because the former is the value we gave, but the latter is based on
the minimum height of the scrollbar), which confuses at least one
window manager (xfwm4) and causes the window to be created one row too
small.

So I've redone all the geometry computations my own way, based on the
knowledge that the only widgets visible in the top-level window are
the drawing area and the scrollbar and I know how both of those
behave, and taking care to keep base_height and min_height congruent
to avoid that xfwm4 bug.
2016-03-29 13:57:10 +01:00
Simon Tatham
940a82fd37 Special host key warning when a better key exists.
If you're connecting to a new server and it _only_ provides host key
types you've configured to be below the warning threshold, it's OK to
give the standard askalg() message. But if you've newly demoted a host
key type and now reconnect to some server for which that type was the
best key you had cached, the askalg() wording isn't really appropriate
(it's not that the key we've settled on is the first type _supported
by the server_, it's that it's the first type _cached by us_), and
also it's potentially helpful to list the better algorithms so that
the user can pick one to cross-certify.
2016-03-27 18:20:37 +01:00
Simon Tatham
a8d466c0ea Omit the conf_launchable check in pterm Duplicate Session.
It won't return true, because pterm's use of conf is a bit nonstandard
(it doesn't really bother about the protocol field, and has no use for
either host names _or_ serial port filenames). Was affecting both
gtkapp and gtkmain based builds.
2016-03-27 14:47:51 +01:00
Simon Tatham
fc77fa0b8b Support sh/csh syntax switching for Unix Pageant. 2016-03-25 16:43:59 +00:00
Simon Tatham
1f9df706b5 GTK 3 fake dialog action area: fix margins and spacing.
The About box is where it showed up most obviously that I'd hastily
bunged a GtkBox inside another GtkBox without considering their
margins: the 'action area' had twice the margin it should have had and
the rightmost button didn't align with the right edge of the rest of
the window contents.

Easily fixed by giving the inner hbox margin 0 (fixing the right align
and the excessive space around all the buttons), and using the
'spacing' property of GtkBox to ensure multiple buttons in it are
nicely separated without having to take care over that in the client
code that adds them.
2016-03-24 07:19:09 +00:00
Simon Tatham
ae53014f53 Add a TODO list to gtkapp.c.
This lists all the things I currently know to be wrong with the OS X
work. There are quite a few of them, but I doubt I've thought of them
all.
2016-03-23 22:22:48 +00:00
Simon Tatham
c73f25564f Create OS X application bundles for PuTTY and pterm.
This commit adds two .plist files, which go in the app bundles; two
.bundle files, which are input to gtk-mac-bundler and explain to it
how to _create_ the bundles; and a piece of manual addition to
Makefile.am that actually runs gtk-mac-bundler after building the
gtkapp.c based binaries and the OSX launcher. The latter is
conditionalised on configuring --with-quartz (unlike the binaries
themselves, which you can build on other platforms too, though they
won't do much that's useful).
2016-03-23 22:22:48 +00:00
Simon Tatham
7d705ed1bd New program 'osxlaunch', to use as an OS X bundle launcher.
The big problem with making an OS X application out of a GTK program
is that it won't start unless DYLD_LIBRARY_PATH and several other
environment variables point at all the GTK machinery. So your app
bundle has to contain two programs: a launcher to set up that
environment, and then the real main program that the launcher execs
once it's done so.

But in our case, we also need pterm to start subprocesses _without_
all that stuff in the environment - so our launcher has to be more
complicated than the usual one, because it's also got to save every
detail of how the environment was when it started up. So this is the
launcher program I'm going to use. Comments in the header explain in
more detail how it'll work.

Also in this commit, I add the other end of the same machinery to
gtkapp.c and uxpty.c: the former catches an extra command-line
argument that the launcher used to indicate how it had munged the
environment, and stores it in a global variable where the latter can
pick it up after fork() and use to actually undo the munging.
2016-03-23 22:22:48 +00:00
Simon Tatham
19b5a74f71 New front end to PuTTY/pterm, as a GtkApplication.
When it's finished, this will be the backbone of the OS X GTK port:
using a GtkApplication automatically gives us a properly OS X
integrated menu bar.

Using this source file in place of gtkmain.c turns the usual Unix
single-session-per-process PuTTY or pterm into the multi-session-per-
process OS X style one.

Things like Duplicate Session can be done much more simply here - we
just grab the Conf * from the source window and launch a new window
using it, with no fiddly interprocess work needed.

This is still experimental and has a lot of holes, but it's usable
enough to test and improve.
2016-03-23 22:22:30 +00:00
Simon Tatham
f23375b14e Delegate GTK window creation to gtkmain.c.
This is a weird thing to have to do, but it is necessary: the OS X
PuTTY will need its top-level windows to be instances of a thing
called GtkApplicationWindow, rather than plain GtkWindow. Hence, the
actual creation of windows needs to be somewhere that isn't
centralised between the two kinds of front end.
2016-03-23 22:03:46 +00:00
Simon Tatham
01778a2d54 Make gtkmain.c contain the actual main().
Instead of main() living in uxputty.c and uxpterm.c, and doing a
little bit of setup before calling the larger pt_main() in gtkmain.c,
I've now turned things backwards: the big function in gtkmain.c *is*
main(), and the small pieces of preliminary setup in uxputty.c and
uxpterm.c are now a function called setup() which is called from
there. This will allow me to reuse the rest of ux{putty,pterm}.c, i.e.
the assorted top-level bits and pieces that distinguish PuTTY from
pterm, in the upcoming OS X application that will have its own main().
2016-03-23 21:58:40 +00:00
Simon Tatham
eac66b0281 Divide the whole of gtkwin.c into three parts.
This lays further groundwork for the OS X GTK3 port, which is going to
have to deal with multiple sessions sharing the same process. gtkwin.c
was a bit too monolithic for this, since it included some
process-global runtime state (timers, toplevel callbacks), some
process startup stuff (gtk_init, gtk_main, argv processing) and some
per-session-window stuff.

The per-session stuff remains in gtkwin.c, with the top-level function
now being new_session_window() taking a Conf. The new gtkmain.c
contains the outer skeleton of pt_main(), handling argv processing and
one-off startup stuff like setlocale; and the new gtkcomm.c contains
the pieces of PuTTY infrastructure like timers and uxsel that are
shared between multiple sessions rather than reinstantiated per
session, which have been rewritten to use global variables rather than
fields in 'inst' (since it's now clear to me that they'll have to
apply to all the insts in existence at once).

There are still some lurking assumptions of one-session-per-process,
e.g. the use of gtk_main_quit when a session finishes, and the fact
that the config box insists on running as a separate invocation of
gtk_main so that one session's preliminary config box can't coexist
with another session already active. But this should make it possible
to at least write an OS X app good enough to start testing with, even
if it doesn't get everything quite right yet.

This change is almost entirely rearranging existing code, so it
shouldn't be seriously destabilising. But two noticeable actual
changes have happened, both pleasantly simplifying:

Firstly, the global-variables rewrite of gtkcomm.c has allowed the
post_main edifice to become a great deal simpler. Most of its
complexity was about remembering what 'inst' it had to call back to,
and in fact the right answer is that it shouldn't be calling back to
one at all. So now the post_main() called by gtkdlg.c has become the
same function as the old inst_post_main() that actually did the work,
instead of the two having to be connected by a piece of ugly plumbing.

Secondly, a piece of code that's vanished completely in this
refactoring is the temporary blocking of SIGCHLD around most of the
session setup code. This turns out to have been introduced in 2002,
_before_ I switched to using the intra-process signal pipe strategy
for SIGCHLD handling in 2003. So I now expect that we should be robust
in any case against receiving SIGCHLD at an inconvenient moment, and
hence there's no need to block it.
2016-03-22 22:27:09 +00:00
Simon Tatham
6ef6cb1573 Fix goof in Pango bidi suppression.
When we're displaying bidirectionally active text (that is, text that
the Unicode bidi algorithm will fiddle with), we need to suppress
Pango's bidi because we've already done our own. We were doing this by
calling is_rtl() on each character, and if it returned true,
displaying just that character in a separate Pango call.

Except that, ahem, we were only doing this if the _first_ character
encountered during a scan of the display buffer was rtl-sensitive. If
the first one was fine but a subsequent one was rtl-sensitive, then
that one would just get shoved into the buffer we'd already started.

Running pterm -fn 'client:Monospace 12' and displaying
testdata/utf8.txt now works again.
2016-03-20 20:06:04 +00:00
Simon Tatham
eb4730e0bf Fix blatant segfault in x11_font_has_glyph.
When I cut it in half so I could fetch the XCharStruct for a given
character, I forgot that the remaining half should check whether it
had got NULL from the XCharStruct finder. Ahem.
2016-03-20 19:55:22 +00:00
Simon Tatham
ece38fbb21 GTK3: give I/O events lower priority than window redraws.
If you run something like 'seq 2000000000' in a GTK3 pterm, the window
never actually updates, because pterm always considers reading more
data from the pty to have higher priority than delivering the "draw"
event. Using g_io_add_watch_full instead of g_io_add_watch allows us
to explicitly lower the priority of the I/O sources, so that window
redraws will take precedence.
2016-03-20 19:44:23 +00:00
Simon Tatham
36ddc57084 Ignore X11 BadMatch errors during cut buffer setup.
This is quite a pain, since it involves inventing an entire new piece
of infrastructure to install a custom Xlib error handler and give it a
queue of things to do. But it fixes a bug in which Unix pterm/PuTTY
crash out at startup if one of the root window's CUT_BUFFERn
properties contains something of a type other than STRING - in
particular, UTF8_STRING is not unheard-of.

For example, run
  xprop -root -format CUT_BUFFER3 8u -set CUT_BUFFER3 "thingy"
and then pterm without this fix would have crashed.
2016-03-20 18:30:03 +00:00
Simon Tatham
ca68700570 Fix downloading of variable-pitch X font glyphs.
I had completely forgotten, when rendering each glyph to a server-side
pixmap and downloading its contents, to only look at the part of the
pixmap that XDrawImageString would have overwritten, as specified by
the metrics in the XCharStruct. Now 'pterm -fn server:variable'
doesn't randomly make up bitmap nonsense outside each character's
bounding rectangle.
2016-03-20 18:30:03 +00:00
Colin Watson
c026b48c53 Fix strict-aliasing warnings in sk_tcp_peer_info.
GCC 6 emits strict-aliasing warnings here, so use the existing
sockaddr_union arrangements to avoid those.  As a prerequisite for being
able to express sk_tcp_peer_info in terms of sockaddr_union, I fixed up
the union elements to be a bit less odd in the NO_IPV6 case.
2016-01-30 14:33:54 +00:00
Simon Tatham
9ddd071ec2 Stop copying the licence text into C source code.
Now all the uses of the licence text or the short copyright notice get
it from a new header "licence.h", which in turn is built by a Perl
script licence.pl invoked by mkfiles.pl, using LICENCE itself as the
source.

Hence, I can completely remove a whole section from the list of
licence locations in CHECKLST.txt :-)
2015-12-22 13:33:42 +00:00
Simon Tatham
21101c7397 Make some static text in GTK dialogs selectable.
I've made the licence text, the About box, and the host key dialog
into GTK selectable edit controls. (The former because it contains a
lot of text; the About box because pasting version numbers into bug
reports is obviously useful; the host key because of the fingerprint.)
2015-12-22 13:27:49 +00:00
Simon Tatham
45d5aacbfa Set "entry-text-column" on our combo boxes.
When we provide an editable text box with a drop-down list of useful
preset values, such as the one full of character sets in the
Translation panel, we implement it on GTK 2.4+ as a GtkComboBox
pointing at a two-column GtkListStore, in which the second column is
the actual text (the first being a numeric id). Therefore, we need to
set the "entry-text-column" property to tell GtkComboBox which of
those columns to look in for the value corresponding to the edit-box
text.

Thanks to Robert de Bath for spotting the problem and tracing it as
far as commit 5fa22495c. That commit replaced a widget construction
call via gtk_combo_box_entry_new_with_model() with one using the newer
gtk_combo_box_new_with_model_and_entry(), overlooking the fact that
the former provided the text column number as a parameter, and the
latter didn't.
2015-12-06 07:23:59 +00:00
Simon Tatham
6c9aa9be32 Avoid passing -1 as an fd to uxsel_set().
I'd missed out an if statement in the Unix proxy stderr code
introduced by commit 297efff30, causing ret->cmd_err to be passed to
uxsel_set even when it was -1 (which happened in the non-GUI tools).
Unfortunately, putting a negative fd into the uxsel tree has really
bad effects, because the first_fd / next_fd interface returns a
negative number to signal end-of-list - and since the uxsel tree is
sorted by fd, that happens _immediately_.

Added the missing if statement, and also an assertion to make sure we
never pass -1 to uxsel_set by mistake again!
2015-11-25 18:18:45 +00:00
Simon Tatham
50d73d95da Implement align_label_left for GTK 3.[14,16).
gtk_misc_set_alignment was deprecated in GTK 3.14. But my replacement
code using gtk_label_set_xalign doesn't work there, because that
function wasn't introduced until GTK 3.16, so there are two minor
versions in the middle where a third strategy is needed.
2015-11-22 23:10:11 +00:00
Simon Tatham
7c65b9c57a Option to log proxy setup diagnostics to the terminal.
It has three settings: on, off, and 'only until session starts'. The
idea of the last one is that if you use something like 'ssh -v' as
your proxy command, you probably wanted to see the initial SSH
connection-setup messages while you were waiting to see if the
connection would be set up successfully at all, but probably _didn't_
want a slew of diagnostics from rekeys disrupting your terminal in
mid-emacs once the session had got properly under way.

Default is off, to avoid startling people used to the old behaviour. I
wonder if I should have set it more aggressively, though.
2015-11-22 15:12:10 +00:00
Simon Tatham
297efff303 In GUI PuTTY, log standard error from local proxy commands.
On both Unix and Windows, we now redirect the local proxy command's
standard error into a third pipe; data received from that pipe is
broken up at newlines and logged in the Event Log. So if the proxy
command emits any error messages in the course of failing to connect
to something, you now have a fighting chance of finding out what went
wrong.

This feature is disabled in command-line tools like PSFTP and Plink,
on the basis that in that situation it seems more likely that the user
would expect standard-error output to go to the ordinary standard
error in the ordinary way. Only GUI PuTTY catches it and logs it like
this, because it either doesn't have a standard error at all (on
Windows) or is likely to be pointing it at some completely unhelpful
session log file (under X).
2015-11-22 15:11:00 +00:00
Simon Tatham
3d4d4004e8 Log the setup of proxied network connections.
I've defined a new value for the 'int type' parameter passed to
plug_log(), which proxy sockets will use to pass their backend
information on how the setup of their proxied connections are going.
I've implemented support for the new type code in all _nontrivial_
plug log functions (which, conveniently, are precisely the ones I just
refactored into backend_socket_log); the ones which just throw all
their log data away anyway will do that to the new code as well.

We use the new type code to log the DNS lookup and connection setup
for connecting to a networked proxy, and also to log the exact command
string sent down Telnet proxy connections (so the user can easily
debug mistakes in the configured format string) and the exact command
executed when spawning a local proxy process. (The latter was already
supported on Windows by a bodgy logging call taking advantage of
Windows in particular having no front end pointer; I've converted that
into a sensible use of the new plug_log facility, and done the same
thing on Unix.)
2015-11-22 15:11:00 +00:00
Simon Tatham
bb66e9870e Fix a memory leak in uxproxy.c.
We set up a pair of bufchains for the standard input and output
exchanged with the proxy process, but forgot to clear them when the
Local_Proxy_Socket is cleaned up.
2015-11-22 15:11:00 +00:00
Jacob Nevins
a454399ec8 Rationalise and document log options somewhat.
TOOLTYPE_NONNETWORK (i.e. pterm) already has "-log" (as does Unix
PuTTY), so there's no sense suppressing the synonym "-sessionlog".

Undocumented lacunae that remain:

plink accepts -sessionlog, but does nothing with it. Arguably it should.

puttytel accepts -sshlog/-sshrawlog (and happily logs e.g. Telnet
negotiation, as does PuTTY proper).
2015-11-08 11:58:45 +00:00
Ben Harris
f6b81af006 Add an explicit PROXY_FUZZ that just feeds a file into the backend.
This saves the need to fork and exec "cat", which should speed things
up.  It also ensures that the network output goes to /dev/null, which
should avoid problems with blocking when writing to a full pipe.
2015-10-28 22:08:58 +00:00
Ben Harris
b9cb75e8c5 Add __AFL_INIT() to uxplink to allow afl-fuzz to skip some startup overhead. 2015-10-28 22:08:58 +00:00
Ben Harris
7924aa945a Add a -fuzznet option to Unix plink.
It just sets the proxy command to "cat %host", which is crude and slow
but seems like a good starting point.
2015-10-28 22:08:57 +00:00
Jacob Nevins
48eafd66aa Update docs/usage for 'plink -shareexists'. 2015-10-22 01:48:35 +01:00
Simon Tatham
1bdeff715c Widen the GTK askalg() message box.
In GTK3, the line 'Continue with connection?' got wrapped (in spite of
my attempt to enforce via string_width() that it didn't - probably a
few pixels were needed on top of that for various padding and
furniture) so it looked even sillier. But it looked a bit narrow to be
sensible even in GTK2, so the simplest answer is just to widen it
considerably.
2015-09-26 14:13:56 +01:00
Simon Tatham
10d3b73d33 Make sure Escape terminates the About box.
I think it only did so in GTK2 by virtue of the About box being a
GtkDialog. But in GTK3 I've abandoned GtkDialog for not being flexible
enough, so I have to process the Escape key myself.
2015-09-26 14:09:27 +01:00
Simon Tatham
612534a4b4 Make sure Escape in a message box always does something.
The askalg() dialog, and several one-button things like the licence
box, have no button labelled 'cancel'. But in all cases we do want
Escape to terminate the box, with as negative an answer as is
available. So now we assign the 'iscancel' flag to any button whose
numeric value is the smallest of the ones given as input to
messagebox().

(In a one-button box, this leads to isdefault and iscancel _both_
being set for that button. That's fine; it works.)
2015-09-26 13:57:12 +01:00
Simon Tatham
291cbfc369 Fix GTK keyboard-shortcut focusing of CTRL_LISTBOX.
I had put an entire piece of code into win_key_press's SHORTCUT_UCTRL
handler to carefully handle all the different kinds of list box
control and do something sensible with each one, and then I just went
and used a generic SHORTCUT_FOCUS type shortcut instead of actually
_calling_ all that carefully prepared code.

Now selecting (say) the character-classes list box in the Selection
panel using its Alt-e shortcut works; also, shortcut-selecting a popup
menu such as the ones in the Bugs panel causes the menu to pop up,
which I think is nicer than what previously happened.
2015-09-26 13:22:49 +01:00
Simon Tatham
46b7cb6edb Permit the config box treeview to be keyboard-selected.
I'd failed to set the widget field in its shortcut structure, leading
to an annoying GTK warning log message and no useful UI action when
Alt-G was pressed in the config box.
2015-09-26 13:12:25 +01:00
Simon Tatham
9a3b743260 Remove a couple of outdated FIXME comments.
I had originally planned to implement a Compose-type key locally in
GTK PuTTY, as I did in Windows PuTTY. But in fact we've done this for
some time by delegating to the GTK IM system, which is a far better
idea anyway. So there's no point any more having the FIXME comment
that mentions Compose keys.

Also, there was a comment worrying about what I was going to do about
double-width characters in Pango, which is long since sorted out.
2015-09-26 12:59:26 +01:00
Simon Tatham
81152e5f38 Add some missing GTK focus-in event handlers.
Fixes a behaviour which I intended all along but apparently didn't
work before on GTK: if you start PuTTY, _select_ a saved session in
the list box but don't hit Load, and then just hit Open, then it will
be implicitly loaded and run for you, as a special case to save you an
extra button-press.

This depends on noticing that the saved-sessions list box last had the
focus, for which I need my widget_focus() handler to be called for
basically all config widgets so that I can track what _did_ last have
focus. Unfortunately, I missed a couple out.
2015-09-26 11:51:23 +01:00
Simon Tatham
9458377275 Don't defer displaying the prompt label in gtkask.
The previous sequence of events was that I would display the window
synchronously (via gtk_widget_show_now), so that I knew it was
actually on the screen and realised as an X window, and then I'd grab
the keyboard, and once the keyboard was grabbed, connect up the
keyboard event handlers and display the prompt.

I have to assume that deferring the display of the 'enter the
passphrase' prompt until the keyboard handlers were set up was
intended as some sort of 'not misleading the user' measure - don't
tell them to start typing until we're actually ready to start typing.
But unfortunately it has the side effect that the window is displayed
at a much smaller size before the prompt label appears, and centred on
the screen according to _that_ size - and then we display the prompt
label and the window resizes and is now off-centre. So I think it's
better not to try to be clever, and just make the window come up at
the right size initially.

(Actually, it looks as if nothing in the window is actually drawn
until that whole init function is finished anyway, so the prompt label
_already_ doesn't get physically displayed too early. So the whole
idea was pointless in the first place!)
2015-09-26 11:30:59 +01:00
Simon Tatham
777f38e491 Bring the gtkask.c test main() up to date.
I changed the prototype of gtk_askpass_main() since I last tried to
compile that standalone test program.
2015-09-26 11:30:59 +01:00
Simon Tatham
3c7557dcd0 Visually distinguish charset headings in GTK3 unifontsel.
When displaying a server-side font, the unified font selector's
font-style list box contains some lines which are character-set
headings, and others which are actually selectable font styles. We tag
the former with the "sensitive"=FALSE attribute, to prevent them from
responding to clicks. In GTK2, this also made them visually distinct
from the normal lines, by greying them out; in GTK3 it makes no visual
difference.

The simplest solution is to bold those lines, hinting that they're
sort of section headings. That looks OK in GTK2 as well, so I've done
it unconditionally.
2015-09-26 11:30:59 +01:00
Simon Tatham
854fae843b Fix combining character handling in Pango.
The top-level loop in gtkwin.c which draws text was expecting that the
right way to draw a printing character plus combining characters was
to overprint them one by one on top of each other. This is an OK
assumption for X bitmap fonts, but in Pango, it works very badly -
most obviously because asking Pango to display a combining char on its
own causes it to print a dotted circle representing the base char, but
also because surely there will be character combinations where Pango
wants to do something more sophisticated than just printing them each
at a standard offset, and it would be a shame not to let it.

So I've moved the previous overprinting loop down into the x11font
subclass of the unifont mechanism. The top-level gtkwin.c drawing code
now calls a new method unifont_draw_combining, which in the X11 case
does the same loop as before, but in the Pango case, just passes a
whole base+combinings string to Pango in one go and lets it do the
best job it can.
2015-09-26 11:30:59 +01:00
Simon Tatham
4df5d56f3d Support smooth scrolling in GTK3.
Touchpad gestures can generate much smoother scrolling events than the
discrete increments of mouse wheels. GDK3 supports this by means of a
new kind of scroll event, with direction GDK_SCROLL_SMOOTH and a
floating-point delta value. Added support for this; so in GTK3 mode,
you can now touchpad-scroll at a granularity of one line rather than
five, but in mouse tracking mode, scroll events are still grouped into
5-line chunks for purposes of turning them into escape sequences to
send to the server.
2015-09-25 15:11:44 +01:00
Simon Tatham
0f759e4e85 Make scroll events work again in GTK3.
Apparently, if you don't specify GDK_SMOOTH_SCROLL_MASK in a widget's
event mask, then you don't receive "scroll_event" signals at all, even
of the non-smooth variety that was all GTK2 had. Hence, neither mouse
scroll wheels nor touchpad scroll gestures seem to generate any
response.

Adding GDK_SMOOTH_SCROLL_MASK brings the old scroll events back again,
so this is at least no worse than GTK2 was. But in GTK3 we _ought_ to
be able to do better still, by supporting smooth scrolling from
touchpads; this commit doesn't do that.
2015-09-25 14:14:05 +01:00
Simon Tatham
5133d2a133 Avoid logging pre-verstring EPIPE from sharing downstreams.
If you use the new 'plink -shareexists' feature, then on Unix at least
it's possible for the upstream to receive EPIPE, because the
downstream makes a test connection and immediately closes it, so that
upstream fails to write its version string.

This looks a bit ugly in the upstream's Event Log, so I'm making a
special case: an error of 'broken pipe' type, which occurs on a socket
from a connection sharing downstream, before we've received a version
string from that downstream, is treated as an unusual kind of normal
connection termination and not logged as an error.
2015-09-25 12:17:35 +01:00
Simon Tatham
7c2ea22784 New Plink operating mode: 'plink -shareexists'.
A Plink invocation of the form 'plink -shareexists <session>' tests
for a currently live connection-sharing upstream for the session in
question. <session> can be any syntax you'd use with Plink to make the
actual connection (a host/port number, a bare saved session name,
-load, whatever).

I envisage this being useful for things like adaptive proxying - e.g.
if you want to connect to host A which you can't route to directly,
and you might already have a connection to either of hosts B or C
which are viable proxies, then you could write a proxy shell script
which checks whether you already have an upstream for B or C and goes
via whichever one is currently active.

Testing for the upstream's existence has to be done by actually
connecting to its socket, because on Unix the mere existence of a
Unix-domain socket file doesn't guarantee that there's a process
listening to it. So we make a test connection, and then immediately
disconnect; hence, that shows up in the upstream's event log.
2015-09-25 12:11:27 +01:00
Simon Tatham
24967601bb Fix misplaced separator in GTK3 dialog boxes.
When I abandoned GtkDialog for GtkWindow (in dc11417ae), I manually
added a horizontal GtkSeparator between the content and action areas.
Or rather, I tried to - but I forgot that gtk_box_pack_end works in
the opposite order, so that you have to add the bottom-most element
first and then the one you want to appear above it. So my separator
was below the action area, rather than between it and the content
area.
2015-09-25 10:05:57 +01:00
Simon Tatham
06cf210552 Fix window resizing in GTK 3 PuTTY.
In GTK 3, it was impossible to resize the window smaller than it
started off, because the size request on the drawing area was taken as
a minimum. (I can't actually remember how the GTK 2 version doesn't
have this problem too.)

Fixed by instead setting the initial window size using
gtk_window_set_default_geometry() (having first set up the geometry
hints to reflect the character cell size).
2015-09-25 09:52:19 +01:00
Simon Tatham
64ec5e03d5 Sanitise bad characters in log file names.
On Windows, colons are illegal in filenames, because they're part of
the path syntax. But colons can appear in automatically constructed
log file names, if an IPv6 address is expanded from the &H placeholder.

Now we coerce any such illegal characters to '.', which is a bit of a
bodge but should at least cause a log file to be generated.
2015-09-25 09:35:07 +01:00
Simon Tatham
5c5ca116db Centralise stripslashes() and make it OS-sensitive.
I noticed that Unix PSCP was unwantedly renaming downloaded files
which had a backslash in their names, because pscp.c's stripslashes()
treated \ as a path component separator, since it hadn't been modified
since PSCP ran on Windows only.

It also turns out that pscp.c, psftp.c and winsftp.c all had a
stripslashes(), and they didn't all have quite the same prototype. So
now there's one in winsftp.c and one in uxsftp.c, with appropriate
OS-dependent behaviour, and the ones in pscp.c and psftp.c are gone.
2015-09-24 17:47:10 +01:00
Simon Tatham
342f287660 Use a Cairo image surface as a client-side cache.
In any DRAWTYPE_CAIRO mode, we now do all our Cairo drawing to a Cairo
image surface which lives on the client; then we either blit directly
from that to the window (if we're in GTK3 mode, or GTK2 without
deprecated pieces of API), or else we blit from the Cairo surface to
the server-side pixmap and then from there to the actual window.

In DRAWTYPE_GDK mode, nothing much has changed: we still draw directly
to the server-side pixmap using the GDK drawing API, then blit from
there to the window. But there is one change, namely that the blit is
no longer done proactively - instead, we queue a redraw of the
affected rectangle, and wait until we're called back by the expose
handler.

The main aim of all this is to arrange that the only time we ever draw
to the real window is in response to expose/draw events. The
experimental GTK3 OS X port stopped working a week or two ago (I
presume in response to an OS update) with the symptoms that attempts
to draw on the window outside the context of a "draw" event handler
just didn't seem to work any more; this change fixes it.

In addition to that benefit, this change also has obvious performance
advantages in principle. No more expensive text rendering in response
to an expose event - just re-copy to the window from the bitmap we
already have, from wherever it's stored that's nearest.

Moreover, this seems to have fixed the significant performance problem
with X server-side fonts under GTK. I didn't expect _that_! I'd
guessed that the approach of downloading character bitmaps and
rendering them manually via Cairo was just inherently slow for some
reason. I've no real idea _why_ this change improves matters so much;
my best guess is that perhaps there's an overhead in each drawing
operation to a GDK Cairo surface, so we win by doing lots of
operations to a much faster image surface and then batching them up
into one GDK Cairo operation. But whyever it is, I'm certainly not
complaining!

(In fact, it now seems to be noticeably _faster_, at least on my usual
local X displays, to draw server-side fonts using that technique than
using the old GDK approach. I may yet decide to switch over...)
2015-09-24 14:17:20 +01:00
Simon Tatham
bea758a7ae Fix spurious EAGAIN in Plink host key (and other) prompts.
Plink sets standard input into nonblocking mode, meaning that read()
from fd 0 in an interactive context will typically return -1 EAGAIN.
But the prompt functions in uxcons.c, used for verifying SSH host keys
and suchlike, were doing an unguarded read() from fd 0, and then
panicking and aborting the session when they got EAGAIN.

Fixed by inventing a wrapper around read(2) which handles EAGAIN but
passes all other errors back to the caller. (Seemed slightly less
dangerous than the stateful alternative of temporarily re-blockifying
the file descriptor.)
2015-09-24 11:58:44 +01:00
Simon Tatham
82824e18f0 Clean up GTK keyboard event diagnostics.
When I introduced the KEY_EVENT_DIAGNOSTICS system last month in
commit 769600b22, I somehow didn't notice that it sat next to an
existing system of ifdefs labelled KEY_DEBUGGING, which did some
things worse but some things better.

Now I've expanded both of those into a fairly complete system of
diagnostics (keeping the newer name of KEY_EVENT_DIAGNOSTICS), and
made them use debug() rather than printf() so that in situations where
no standard output is available I can still retrieve the diagnostics
from debug.log.
2015-09-06 09:19:32 +01:00
Simon Tatham
fd7687a985 Revert accidentally committed breakage of Shift-Ins paste.
I turned it into Shift-Return, because I was trying to find out why
the former didn't work on OS X and replaced it with something else
random to see if the code was even being reached. And then, like an
utter doofus, I committed that change as part of a50da0e30.
2015-09-06 09:19:32 +01:00
Simon Tatham
a50da0e309 Initial support for clipboard on OS X.
Rather than trying to get my existing hugely complicated X-style
clipboard code to somehow work with the Quartz GTK back end, I've
written an entirely new and much simpler alternative clipboard handler
usnig the higher-leve GtkClipboard interface. It assumes all clipboard
text can be converted to and from UTF-8 sensibly (which isn't a good
assumption on all front ends, but on OS X I think it's reasonable),
and it talks to GDK_SELECTION_CLIPBOARD rather than PRIMARY, which is
the only clipboard OS X has.

I had to do a fiddly thing to cope with the fact that each call to
gtk_clipboard_set_with_data caused a call to the clipboard clear
function left over from the previous set of data, so I had to avoid
mistaking that for a clipboard-clear for the _new_ data and
immediately deselecting it. I did that by allocating a distinct
placeholder object in memory for each instance of the copy operation,
so that I can tell whether a clipboard-clear is for the current copy
or a previous one.

This is only very basic support which demonstrates successful copying
and pasting is at least possible. For a sensible OS X implementation
we'll need a more believable means of generating a paste UI action
(it's quite easy to find a Mac on which neither Shift-Ins nor the
third mouse button even exists!). Also, after the trouble I had with
the clipboard-clear event, it's a bit annoying to find that it
_doesn't_ seem to get called when another application becomes the
clipboard owner. That may just be something we have to put up with, if
I can't find any reason why it's failing.
2015-09-02 21:54:03 +01:00
Simon Tatham
e88b8d21f2 Key rollover: put the new Master Key fingerprint in the tools.
For the moment we're also retaining the old ones. Not sure when will
be the best time to get rid of those; after the next release, perhaps?
2015-09-02 18:50:49 +01:00
Simon Tatham
1e0e96204d OS X: fix handling of Ctrl-Space.
I'd left it out of my simulated Ctrl processing. It should have been
treated as \0, the same as ^2 and ^@.
2015-09-01 19:18:26 +01:00
Simon Tatham
0afc496a5f Work around OS X GTK treating Option as an AltGr key.
If I'm using Option as the Meta key, I want to suppress OS X GTK's
default behaviour of treating it as an AltGr-oid which changes the
keyval and Unicode translation of alphabetic keys. So on OS X I enable
a somewhat bodgy workaround which retranslates from the hardware
keycode as if the Option modifier had not been active at the time, and
use that as the character to prefix Esc to.

This is a bit nasty because I have to hardwire group = 0 in the call
to gdk_keymap_translate_keyboard_state(), whereas in principle what I
wanted was group = (whatever would have resulted from everything else
in the key event other than MOD1). However, in practice, they seem to
be the same, so this will do for the moment.
2015-09-01 19:13:55 +01:00
Simon Tatham
dc253b3c51 On OS X, be able to configure either Option or Command as Meta.
Personally I like using Command as the Esc-prefixing Meta key in
terminal sessions, because it occupies the same physical keyboard
position as the Alt key that I'm used to using on non-Macs. OS X
Terminal uses Option for that purpose (freeing up Command for the
conventional Mac keyboard shortcuts, of course), so I anticipate
differences of opinion.

Hence, here's a pair of OSX-specific config options which permit a
user to set either, or neither, or both of those modifier keys to
function as the terminal Meta key.
2015-09-01 19:12:19 +01:00
Simon Tatham
097d5ffb37 pterm: move termios setup to after the fork.
On OS X, apparently, we can't do termios setup on the pty master, so
instead we have to leave it until we've opened the slave fd in the
child process. That works on Linux too, so let's leave it here rather
than having another cumbersome ifdef.
2015-09-01 18:49:22 +01:00
Simon Tatham
1840103c05 pterm: set IUTF8 on pty devices depending on charset.
In a UTF-8 pterm, it makes sense to set the IUTF8 flag (on systems
that have one) on the pty device, so that line editing will take
account of UTF-8 multibyte characters.
2015-09-01 18:35:38 +01:00
Simon Tatham
ad994bab57 Work around Pango fonts with fractional width.
By retrieving characters' widths using get_extents and not
get_pixel_extents, we can spot when they're not actually an exact
multiple of a pixel, and avoid getting confused by the overall width
of a long string being off by up to a pixel per character.
2015-08-31 16:43:33 +01:00
Simon Tatham
7658b291db Fix an uninitialised bufchain in NO_PTY_PRE_INIT mode.
The Pty that we created in pty_pre_init had its bufchain properly
initialised, but if that one didn't get created, then the one we
create in pty_init did not. Now both should go through the same init
routine.
2015-08-31 16:13:09 +01:00
Simon Tatham
976e778269 Slightly improve layout in GTK3 Pageant passphrase prompts.
Now I've moved align_label_left() into gtkmisc.c where gtkask.c can
get at it, we can use it to fix the alignment of the prompt label.
Also, use gtk_label_set_width_chars() to give the label a more or less
sensible width.
2015-08-31 15:48:07 +01:00
Simon Tatham
49ff9f480e Move more functions into the new gtkmisc.c.
Several utility functions I've written over the last few weeks were in
rather random places because I didn't have a central gtkmisc.c to put
them in. Now I've got one, put them there!
2015-08-31 15:45:43 +01:00
Simon Tatham
dc11417aee Stop using GtkDialog (for most purposes) in GTK 3!
They've now deprecated gtk_dialog_get_action_area, because they really
want a dialog box's action area to be filled with nothing but buttons
controlled by GTK which end the dialog with a response code. But we're
accustomed to putting all sorts of other things in our action area -
non-buttons, buttons that don't end the dialog, and sub-widgets that
do layout - and so I think it's no longer sensible to be trying to
coerce our use cases into GtkDialog.

Hence, I'm introducing a set of wrapper functions which equivocate
between a GtkDialog for GTK1 and GTK2, and a GtkWindow with a vbox in
it for GTK3, and I'll lay out the action area by hand.

(Not everything has sensible layout and margins in the new GTK3 system
yet, but I can sort that out later.)

Because the new functions are needed by gtkask.c, which doesn't link
against gtkdlg.c or include putty.h, I've put them in a new source
file and header file pair gtkmisc.[ch] which is common to gtkask and
the main GTK edifice.
2015-08-31 15:45:18 +01:00
Simon Tatham
749b0fdda0 Add a missing cast in g_object_set.
When NULL appears in variadic argument lists, it should be cast to the
pointer type that the function will be expecting, because otherwise it
might end up as a type not even the same size as a pointer.
2015-08-31 15:11:04 +01:00
Simon Tatham
55de891e54 Use GtkMessageDialog for dlg_error().
This is a much simpler way to display simple message-box type dialogs,
whose absence I've previously been working around by laboriously
constructing something in my usual style.
2015-08-31 15:11:03 +01:00
Simon Tatham
ad8995b0d6 Stop using GtkAlignment in GTK 3.
We were using it in the main config box to ensure everything expanded
on window resize, but in GTK3 that's the default anyway. And we were
using it to put padding around the edges of the font selector, which
is now done using the "margin" property.
2015-08-31 14:13:26 +01:00
Simon Tatham
0b5a0c4da1 Avoid deprecated gtk_misc_set_alignment().
As of GTK 3.16 (but not in previous GTK 3 versions), there's a new
gtk_label_set_xalign which does this job.
2015-08-31 13:57:34 +01:00
Simon Tatham
4e243ae9a4 Avoid using gdk_cursor_new() in GTK 3.
It's deprecated in up-to-date versions, but fortunately, the
workaround is just to explicitly include the appropriate GdkDisplay.
2015-08-31 13:41:16 +01:00
Simon Tatham
620622b3e5 Switch to gdk_rgba_parse() for GDK 3.
I'm using a slightly more up-to-date GTK version for testing on MacOS,
and it's marked a few more functions as deprecated, among which is
gdk_color_parse(). So now parsing -fg and -bg options has to be done
by two different calls and an ugly #ifdef, depending on GTK version.
2015-08-31 13:37:30 +01:00
Simon Tatham
5de838a979 Don't use "server:fixed" as the default font without X.
If we're not supporting server-side fonts, it's utterly silly to set
one as the default! Instead, we use Pango's guarantee that some
reasonably sensible monospaced font will be made available under the
name "Monospace", and use that at a reasonable default size of 12pt.
2015-08-31 13:24:09 +01:00
Simon Tatham
1fa0b5a1ac Introduce a config option for building on OS X GTK.
Using GTK to run on OS X is going to require several workarounds and
behaviour tweaks to be enabled at various points in the code, and it's
already getting cumbersome to remember what they all are to put on the
command line. Here's a central #define (OSX_GTK) that enables them all
in one go, and a configure option (--with-quartz) that sets it.

As part of this commit, I've also rearranged the #include order in the
GTK source files, so that they include unix.h (which now might be
where NOT_X_WINDOWS gets defined) before they test NOT_X_WINDOWS to
decide whether to include X11 headers.
2015-08-31 13:21:50 +01:00
Simon Tatham
7acb747a7d Handle the Ctrl modifier key ourselves if necessary.
The Quartz GDK back end, if you press (say) Ctrl-A, will generate a
GdkKeyEvent with keyval='a' and state=CONTROL, but it'll have a
translated string of "a" where the X back end would have returned
"\001". So we have to do our own translation, which fortunately isn't
hard.
2015-08-31 13:21:50 +01:00
Simon Tatham
69737b24b5 Add a bodge to make pty masters nonblocking on OS X.
OS X for some reason doesn't let my usual fcntl approach (wrapped in
nonblock()) work on pty masters - the fcntl(F_SETFL) fails, with the
(in this context) hilariously inappropriate error code ENOTTY. Work
around it by instead passing O_NONBLOCK to posix_openpt.
2015-08-31 13:21:50 +01:00
Simon Tatham
1ce27010dd Add a new #define to disable pty_pre_init.
OS X dislikes us calling the setuid or setgid syscalls when not
privileged, even if we try to set ourselves to the _same_ uid/gid.
Since I don't anticipate this code needing to run setuid on OS X, and
since I do anticipate wanting to handle multiple ptys in a single
process so that pty_pre_init would be useless anyway, the simplest fix
seems to me to be just conditioning out the whole of pty_pre_init
completely.
2015-08-31 12:51:25 +01:00
Simon Tatham
9edf7910fc Make Columns disregard the preferred width of GtkEntry.
On OS X GTK, it requests a preferred width that's way too large. I
think that's because that's based on its max_width_chars rather than
its width_chars (and I only set the latter). But I don't want to
actually reduce its max_width_chars, in case (either now or in a
future version) that causes it to actually refuse to take up all the
space it's allocated.
2015-08-27 18:59:24 +01:00
Simon Tatham
769600b226 Add conditioned-out diagnostics in GTK key_event().
These should dump out all the important parts of the incoming
GdkEventKey, so that if keys aren't being translated right, it should
be possible to work out something about why not.

To enable: make CPPFLAGS="-DKEY_EVENT_DIAGNOSTICS"
2015-08-27 18:44:36 +01:00
Simon Tatham
76612e772d Add conditioned-out diagnostics in columns_compute_width.
These are a slightly cleaned-up version of the diagnostics I was using
to debug the layout problems in the GTK3 config box the other day. In
particular, if the box comes out far too wide - as I've just found out
that it also does when I compile the current state of the code against
OS X GTK3 - these diagnostics should provide enough information to
figure out which control is the limiting factor.

To enable: make CPPFLAGS="-DCOLUMNS_WIDTH_DIAGNOSTICS"
2015-08-27 18:34:56 +01:00
Simon Tatham
856a0ecc4a Remove a mysterious GTK size-request tweak.
In shortcut_add(), when we add an underlined letter to a GtkLabel, we
were fetching the label's height before changing its text, and
restoring it afterwards. I've no idea why - I can see no difference
with and without the code.

That code's been there since 2003 without explanation. My best guess
is that it was working around a GTK bug of the day, but since no
difference is visible even in current GTK1, I think I'm just going to
remove it. If any problems show up later, I can put it back, with an
actual comment!
2015-08-25 20:00:55 +01:00
Simon Tatham
7193e930de Compile fixes for GTK1 after recent work.
The whole of get_label_text_dimensions() should have been outside the
GTK 2 ifdef; I'd left a gtk_label_set_width_chars() unconditional; and
GDK1's gdk_window_set_background() lacks a const in its prototype.
Serves me right for not test-compiling in all three versions!
2015-08-25 19:50:23 +01:00
Simon Tatham
43a18df156 Fix the config box treeview width in GTK3.
My trickery in GTK2 to start with some branches of the tree collapsed
but give the widget all the width it will need when they open later
was not working in GTK3, for the same reason I've needed several other
fixes recently: just after creation, GTK3 widgets report their
preferred size as zero.

Fixed by doing basically the same trick I was doing in GTK2, but
deferring it until the "map" event happens later on.
2015-08-25 19:44:44 +01:00
Simon Tatham
afe2c355cf Make string_width() work in GTK3.
This was another piece of code that determined text size by
instantiating a GtkLabel and asking for its size, which I had to fix
in gtkfont.c recently because that strategy doesn't work in GTK3.

Replaced the implementation of string_width() with a call to the
function I added in gtkfont.c, and now dialog boxes which depend on
that for their width measurement (e.g. the one in reallyclose()) don't
come out in silly sizes on GTK3 any more.
2015-08-24 19:34:23 +01:00
Simon Tatham
22ed04d00e Use columns_force_same_height() for vertical centring.
In cases where two controls sit alongside one another such as a label
alongside an edit box, I've previously been arranging for them to be
vertically centred by fiddling with the size request and alignment of
what I assume will be the shorter control. But now I've written
columns_force_same_height(), that's a much easier approach, and it's
also compatible with GTK3 without using a deprecated method; so this
change switches over all vertical centring to doing it that way.

Also, while I'm here, I noticed that the edit box and button of
CTRL_FILESELECT / CTRL_FONTSELECT were not vertically centred, and
since it's now really easy to make sure they are, I've added another
use of columns_force_same_height() there.
2015-08-24 19:34:23 +01:00
Simon Tatham
d507e99d20 New Columns method, columns_force_same_height().
This forces two child widgets of a Columns to occupy the same amount
of vertical space, and if one is really shorter than the other,
vertically centres it in the extra space.
2015-08-24 19:34:23 +01:00
Simon Tatham
47ff8d0bf0 Factor out columns_find_child() in the Columns class.
This is an obviously reusable loop over cols->children looking for a
widget, which I'm about to use a couple more times so it seems worth
pulling it out into its own helper function.
2015-08-24 19:34:23 +01:00
Simon Tatham
3e86aa1bc6 Another GTK3 fix for GtkEntry width.
When I committed 5e738877b the other day, I missed another case of the
same thing in the file/font selector handling.
2015-08-24 19:34:23 +01:00
Simon Tatham
a98b1cc03b Use new GTK3 API call for server-controlled window resize.
gtk_window_resize_to_geometry() allows us to make use of the already-
set-up WM resize hints to immediately figure out how to resize the
window to a particular character cell size, and hence makes a much
simpler implementation of request_resize() than the previous hackery.
2015-08-24 19:34:23 +01:00
Simon Tatham
80259e85c2 In GTK3, omit our GTK 1/2 workaround for wrapping labels.
Now we're properly implementing the GTK3 height-for-width layout
model, this bodge is no longer necessary.
2015-08-23 15:01:07 +01:00
Simon Tatham
e076959f6c Implement GTK3 height-for-width layout in Columns.
Now that I've got the main calculation code separated from the GTK2
size_request and size_allocate top-level methods, I can introduce a
completely different set of GTK3 top-level methods, which run the same
underlying calculations but based on different width and height
information.

So now we do proper height-for-width layout, as you can see if you
flip the PuTTY config box to a pane with a wrapping label on it (e.g.
Fonts or Logging) and resize the window horizontally. Where the GTK2
config box just left the wrapped text label at its original size, and
the GTK3 one before this change would reflow the text but without
changing the label's height, now the text reflows and the controls
below it move up and down when the number of lines of wrapped text
changes.

(As far as I'm concerned, that's a nice demo of GTK3's new abilities
but not a critically important UI feature for this app. The more
important point is that switching to the modern layout model removes
one of the remaining uses of the deprecated gtk_widget_size_request.)
2015-08-23 14:53:06 +01:00
Simon Tatham
64b51dcbba GTK3 prep: refactor the layout calculation in Columns.
Previously, columns_size_request and columns_size_allocate would each
loop over all the widgets doing computations for both width and
height. Now I've separated out the width parts from the height parts,
and moved both out into four new functions, so that the top-level
columns_size_request and columns_size_allocate are just wrappers that
call the new functions and plumb size and position information between
them and GTK.

Actual functionality should be unchanged by this patch.
2015-08-23 14:49:01 +01:00
Simon Tatham
c3ef30c883 Performance: cache character widths returned from Pango.
Profiling reveals that pterm in Pango rendering mode uses an absurd
amount of CPU when it's not even actually _drawing_ the text, because
of all the calls to pango_layout_get_pixel_extents() while
pangofont_draw_text tries to work out which characters it can safely
draw as part of a long string. Caching the results speeds things up
greatly.
2015-08-23 14:16:18 +01:00
Simon Tatham
87040f6fd2 Fix an arithmetic error in the X font downloader cache.
If you're trying to arrange that an array size is large enough for
element n to exist, and you also want to round it up to the next
multiple of 0x100, you must set the size to (n + 0x100) & ~0xFF, and
not (n + 0xFF) & ~0xFF. Put another way, the number you have to round
up is not n, but the minimum size n+1 that causes array[n] to exist.
2015-08-23 14:10:59 +01:00
Simon Tatham
dc16dd5aa4 'pterm --display' should set $DISPLAY inside the terminal.
If you open a pterm on a different display via the --display
command-line option rather than by setting $DISPLAY, I think (and
other terminals seem to agree) that it's sensible to set $DISPLAY
anyway for processes running inside the terminal.
2015-08-22 15:05:12 +01:00
Simon Tatham
32163c30ef In GTK3, use the new GtkColorChooserDialog.
This replaces the old GtkColorSelectionDialog, and has the convenience
advantage that the actual chooser (with all the 'set colour', 'get
colour' methods) and the containing dialog box are now the same object
implementing multiple interfaces, so I don't keep having to call 'get
me the underlying chooser for this dialog' accessors. Also you now
hook into both the OK and Cancel buttons (and all other response
codes) at the same time with a single event.
2015-08-22 14:57:54 +01:00
Simon Tatham
2e3102a585 In GTK3, unifontsel should use GtkGrid, not GtkTable.
GtkTable is deprecated; the way of the future is GtkGrid, in which you
don't have to specify the number of rows/columns in advance (it's
worked out dynamically by observing what row/column numbers you
actually attached anything to), and also you handle expansion
behaviour by setting the "hexpand", "vexpand" or "expand" properties
on the child widgets rather than setting flags in the container.
2015-08-22 14:28:04 +01:00
Simon Tatham
01f68628c2 Stop using GTK3-deprecated gdk_window_set_background().
We now have to use gdk_window_set_background_rgba(), having first set
up an appropriate GdkRGBA structure.
2015-08-22 14:11:45 +01:00
Simon Tatham
5cef6f96c2 Stop using GTK3-deprecated gdk_get_display().
The new way is gdk_display_get_name(gdk_display_get_default()), which
returns a const char * rather than a char *, so I've also had to
fiddle with the prototype and call sites of get_x_display().

(Also included gtkcompat.h into uxputty.c, since that wanted to call
gdk_get_display() but didn't previously include it.)
2015-08-22 14:07:02 +01:00
Simon Tatham
ace0dd64b7 Provide #defines for GTK3-deprecated gtk_{h,v}foo_new().
In GTK3, GtkBox, GtkScrollbar and GtkSeparator are all single classes
with a GtkOrientation parameter, whereas in GTK2 the horizontal and
vertical versions were trivial subclasses of them. Hence, the old
constructors are now deprecated, but _only_ the constructors are
affected, since after constructing one you always used methods of the
superclass on it anyway.

Rather than faff about with an ifdef at every call site, I've just put
some wrapper macros in gtkcompat.h to make it easy to keep this code
similar between all supported GTK versions.
2015-08-22 13:59:20 +01:00
Simon Tatham
3a27e98fb7 Avoid deprecated gtk_cell_renderer_get_size in GTK3.
gtk_cell_renderer_get_preferred_size() is the new way to do it.
2015-08-22 13:54:47 +01:00
Simon Tatham
6d65a92dfc Stop using deprecated GTK_STOCK_* in GTK3.
According to the GTK3 docs, we're now supposed to use fixed label
strings instead.
2015-08-22 13:50:56 +01:00
Simon Tatham
d155f698b7 Make unifontsel_deselect() clear the preview pane.
In the case where we deselect the previously selected font (e.g.
because we've just changed the filter settings to remove it from the
list), we were leaving the preview pane in its previous state, which
is fine in GTK2 when it just carries on displaying the last thing
drawn to the backing pixmap but goes wrong in GTK3 where we still have
to actually respond to draw events.

But it makes more conceptual sense anyway to actually empty the
preview pane when no font is selected, so now we do that. So now
unifontsel_draw_preview_text() is called from unifontsel_deselect(),
and also the preview-drawing code will still draw the background
rectangle regardless of whether font != NULL.
2015-08-22 13:41:15 +01:00
Simon Tatham
81682fbf70 Fix crash in GTK3 when unifontsel filter settings change.
The call to gtk_list_store_clear() in unifontsel_setup_familylist()
was causing a call to family_changed() via the GTK signal system,
which didn't happen in GTK2. family_changed() in turn was calling
unifontsel_select_font(), which got confused when the tree model
didn't match reality, and tried to access a bogus tree iterator.

This is easily fixed by using the existing fs->inhibit_response flag,
which prevents us responding to GTK events when we know they were
generated by our own fiddling about with the data; it's just that we
never needed to set it in unifontsel_setup_familylist() before.

Also, added a check of the return value from the key get_iter call in
unifontsel_select_font(), so that it'll at least fail an assertion
rather than actually trying to access bogus memory. But that operation
_should_ still always succeed, and if it doesn't, it's probably a sign
that we need another use of fs->inhibit_response.
2015-08-22 13:41:11 +01:00
Simon Tatham
03e21b7cad Fix GTK3 size calculations in unifontsel_new.
It turns out that in GTK3, if you instantiate a GtkLabel and
immediately try to find out its preferred size, you get back zero for
both dimensions. Presumably none of that gets figured out properly
until the widget is displayed, or some such.

However, you can retrieve the PangoLayout from the label immediately
and ask Pango for the dimensions of that. That seems like a bit of a
bodge, but it works! The GTK3 unifont selector now comes out with all
the interface elements in sensible sizes - in particular, the preview
drawing area now has non-zero height.
2015-08-22 11:55:30 +01:00
Simon Tatham
37ec0b463f In GTK3, don't use the "has-separator" GtkDialog property.
It doesn't exist any more, so the attempt to set it was generating an
annoying runtime warning message.
2015-08-22 11:55:30 +01:00
Simon Tatham
5e738877be Use GTK3's method of setting GtkEntry min width.
The config box setup code wants a lot of very narrow edit boxes, so it
decreases their minimum width from the GTK default of 150 pixels. In
GTK 3, we have to do this using gtk_entry_set_width_chars() rather
than gtk_widget_set_size_request() as we were previously using, or it
won't work.

This change by itself seems to restore the GTK3 config box to a
sensible layout, in spite of the fact that my Columns layout class is
still doing all its size allocation the GTK2 way, with no attention
paid to the shiny new GTK3 height-for-width system.
2015-08-22 11:55:30 +01:00
Simon Tatham
ccd7097330 GTK3 port: condition out all uses of GdkColormap.
The entire concept has gone away in GTK3, which assumes that everyone
is now using modern true-colour video modes and so there's no longer
any reason you shouldn't just casually make up any RGB triple you like
without bothering to ask the display system's permission.
2015-08-16 14:50:48 +01:00
Simon Tatham
0ffc564351 GTK3 port: respell GDK_WINDOW_XWINDOW / GDK_DRAWABLE_XID.
GDK3 now spells both of those as GDK_WINDOW_XID. (Of course 'drawable'
is no longer a relevant concept in GDK3, since pixmaps are no longer
supported and so all drawables are just windows.) We keep backwards
compatibility, of course.
2015-08-16 14:50:48 +01:00
Simon Tatham
aac9d5fcf7 GTK3 port: replace size_request in the Columns layout class.
It's been replaced by a new pair of methods get_preferred_width and
get_preferred_height. For the moment, I've followed the porting
guide's suggestion of keeping the old size_request function as an
underlying implementation and having each of those methods just return
one of its outputs. The results are ugly, but it'll compile and run,
which is a start.
2015-08-16 14:50:48 +01:00
Simon Tatham
59a232c161 GTK3 port: use gdk_device_grab() in gtkask.c.
This replaces the old gdk_keyboard_grab(), and is what a GTK3 app has
to use for grabbing the keyboard away from all other X clients.
2015-08-16 14:50:37 +01:00
Simon Tatham
afae35eb90 GTK3 port: support the new "draw" signal.
This replaces GTK 1/2's "expose_event", and provides a ready-made
cairo_t to do the drawing with. My previous work has already separated
all constructions of a cairo_t from the subsequent drawing with it, so
the new draw event handlers just have to call the latter without the
former.
2015-08-16 14:50:28 +01:00
Simon Tatham
280b14f129 Reimplement GTK uxsel_input_add using GIOChannel.
This is the new recommended approach since gdk_input_{add,remove} were
deprecated (and, honestly, seems a lot more sensible - why on earth
would those functions have lived in *GDK* of all places?). The old
implementation is preserved under ifdef for GTK1.

This was the last of the GDK deprecated functions to go! So GTK PuTTY
now compiles cleanly with -DGDK_DISABLE_DEPRECATED in addition to all
the other precautionary flags (though if you do that, you disable GDK
rendering, which greatly slows down server-side font handling). This
completes the GTK2-compatible preparation phase of the GTK 3 migration
guide.
2015-08-16 13:11:51 +01:00
Simon Tatham
b5423b51d4 Change uxsel_input_add's return type from int to pointer.
In case a front end needs to store more than an integer id to be
returned to uxsel_input_remove, we now return a pointer to a
frontend-defined structure.
2015-08-16 13:11:51 +01:00
Simon Tatham
0413cc856c Use gtk_window_set_icon() where available.
GTK is deprecating the use of gdk_window_set_icon(), in favour of a
method that doesn't have to drop down to the GDK level at all (and
also doesn't use a pixmap). No reason not to use that instead.
2015-08-16 13:11:51 +01:00
Simon Tatham
f853b695de Remove an outdated comment.
I've just noticed the comment in gtkfont.c that said wouldn't it be
nice to find a way to avoid the GDK pixmap-stretching code when using
Pango fonts. We now do support this, but we support it in gtkwin.c
rather than gtkfont.c - because we do it using a Cairo transformation
matrix, so it still takes place at the level above Pango rather than
in Pango proper. (I never did find out whether Pango itself included
facilities to arbitrarily stretch a font.)

Hence, this comment is useless now. Discard.
2015-08-16 13:11:51 +01:00
Simon Tatham
1b3b993467 Replace deprecated GDK_DISPLAY() with modern facilities.
We still don't actually support more than one X display active at
once, so it's sufficient to replace every call to that macro with
GDK_DISPLAY_XDISPLAY(gdk_display_get_default()).
2015-08-16 13:11:51 +01:00
Simon Tatham
5319c659ad Make the use of server-side backing pixmaps in GTK optional.
We won't be able to use them in GTK3, or when compiling with GTK2 and
-DGDK_DISABLE_DEPRECATED.

This applies to the one we use for the main terminal window, and also
the small one we use for the preview pane in the unified font selector.
2015-08-16 13:11:06 +01:00
Simon Tatham
066bce3d19 Saw unifontsel_draw_preview_text() in half.
Now it's got an inner half that does actual drawing given a draw
context, and an outer half that sets up and tears down the draw
context. Sooner or later the inner half will need calling
independently of the outer, because GTK3's draw event will provide a
ready-made cairo_t.
2015-08-16 13:10:42 +01:00
Simon Tatham
828ad5d6d4 Call draw_stretch_before *after* setting up the clip region.
A small bug in yesterday's work: since in Cairo mode
draw_stretch_before changes the transformation matrix, if we do it
before calling draw_clip then the clip region will be interpreted in
the transformed coordinates.

This caused a subtle display bug in yesterday's commit: drawing one
half of double-height text would have drawn _both_ halves of it on to
the window's backing pixmap, but only copied the correct half on to
the window proper - but the overdrawing on the pixmap would have shown
up if the window was hidden and re-exposed.
2015-08-16 09:08:19 +01:00
Simon Tatham
3c912e7994 Withdraw the horrible bodge in make_mouse_ptr().
We were previously building our own mouse pointers out of pixmaps,
having first drawn characters from the X server standard font 'cursor'
on to those pixmaps, giving an effect almost exactly the same as just
calling gdk_cursor_new(some constant) except that we got to choose the
foreground and background colours of the resulting pointers.

But it's not clear why we needed to do that! In both GTK1 and GTK2 as
of my current testing, the standard colours appear to be just what I
wanted anyway (white pointer with black outline). The previous
implementation (and commit comment) was written in 2002, so perhaps it
was working around a GTK1 bug of the time.

So I've removed it completely, and replaced it with simple calls to
gdk_cursor_new  (plus a workaround for GTK1's lack of GDK_BLANK_CURSOR,
but that's still much simpler than the previous code). If anyone does
report a colour problem, I may have to go back to doing something
clever, but if I can possibly arrange it, I'll want to do it by some
other technique, probably (as suggested in a comment in the previous
implementation) getting the underlying X cursor id and calling
XRecolorCursor.
2015-08-15 21:07:35 +01:00
Simon Tatham
f750a18587 Refactor the GTK drawing system to do both GDK and Cairo.
We're going to have to use Cairo in the GTK3 port, because that's all
GTK3 supports; but we still need old-style GDK for GTK1 support, and
also for performance reasons in GTK2 (see below). Hence, this change
completely restructures GTK PuTTY's drawing code so that there's a
central 'drawing context' structure which contains a type code
indicating GDK or Cairo, and then either some GDK gubbins or some
Cairo gubbins as appropriate; all actual drawing is abstracted through
a set of routines which test the type code in that structure and do
one thing or another. And because the type code is tested at run time,
both sets of drawing primitives can be compiled in at once, and where
possible, they will be.

X server-side bitmap fonts are still supported in the Cairo world, but
because Cairo drawing is entirely client-side, they have to work by
cheekily downloading each glyph bitmap from the server when it's first
needed, and building up a client-side cache of 'cairo_surface_t's
containing the bitmaps with which we then draw on the window. This
technique works, but it's rather slow; hence, even in GTK2, we keep
the GDK drawing back end compiled in, and switch over to it when the
main selected font is a bitmap one.

One visible effect of the new Cairo routines is in the double-width
and double-height text you can get by sending ESC # 3, ESC # 4 and
ESC # 6 escape sequences. In GDK, that's always been done by a really
horrible process of manually scaling the bitmap, server-side, column
by column and row by row, causing each pixel to be exactly doubled or
quadrupled. But in Cairo, we can just set a transformation matrix, and
then that takes effect _before_ the scalable fonts are rendered - so
the results are visibly nicer, and use all the available resolution.

(Sadly, if you're using a server-side bitmap font as your primary one,
then the GDK backend will be selected for all drawing in the terminal
as a whole - so in that situation, even fallback characters absent
from the primary font and rendered by Pango will get the old GDK
scaling treatment. It's only if your main font is scalable, so that
the Cairo backend is selected, that DW/DH characters will come out
looking nice.)
2015-08-15 21:05:56 +01:00
Simon Tatham
0f60287f66 Stop multifont fallback from crashing in GTK1.
I was tacitly assuming that mfont->fallback would always be non-NULL,
which is true in a world containing Pango, but untrue in GTK1 when
Pango isn't there. In that situation we fall back to just omitting the
characters that would be displayed in the fallback font, on the
grounds that that's better than dereferencing through a NULL vtable.
2015-08-15 20:51:44 +01:00
Tim Kosse
6a70f944f6 Fix format string vulnerabilities.
Reported by Jong-Gwon Kim. Also fixes a few memory leaks in the
process.
2015-08-10 20:03:41 +01:00
Simon Tatham
6eca89aebc Fix compile failure.
I'm sure I removed that 'return 0' at some point! But I must have made
a git error which excluded it from the commit I actually pushed, ahem.
2015-08-09 11:56:38 +01:00
Simon Tatham
7a80ab14e0 GTK 3 prep: write a replacement for gtk_quit_add().
GTK 2 has deprecated it and provided no replacement; a bug tracker
entry I found on the subject suggested that it was functionality that
didn't really belong in GTK, and glib ought to provide a replacement
instead, which would be a perfectly fine thing to suggest if they had
waited for glib to get round to doing so *before* throwing out a
function people were actually using. Sigh.

Anyway, it turns out that subsidiary invocations of gtk_main() don't
happen inside GTK as far as I can see, so all I need to do is to make
sure my own invocations of gtk_main() are followed by a cleanup
function which runs any quit functions that I've registered.

That was the last deprecated GTK function, so we now build cleanly
with -DGTK_DISABLE_DEPRECATED. (But, as mentioned a couple of commits
ago, we still don't build with -DGDK_DISABLE_DEPRECATED, because that
has migrating to Cairo drawing as a prerequisite.)
2015-08-09 11:39:40 +01:00
Simon Tatham
78592116a5 Use gtkcompat.h to slim down a few ifdefs.
Now that I've got a general place to centralise handling of at least
the simple differences between GTK 1 and 2, I should use it wherever
possible. So this commit removes just a small number of ifdefs which
are either obsoleted by definitions already in gtkcompat.h (like
set_size_request vs set_usize), or can easily be replaced by adding
another (e.g. gtk_color_selection_set_has_opacity_control).
2015-08-09 09:59:25 +01:00
Simon Tatham
5fa22495c7 GTK 3 prep: stop using *nearly* all GTK deprecated functions.
Building with -DGTK_DISABLE_DEPRECATED, we now suffer only one compile
failure, for the use of gtk_quit_add() in idle_toplevel_callback_func.
That function is apparently removed with no replacement in GTK 3, so
I'll need to find a completely different approach to getting toplevel
callbacks to run only in the outermost instance of gtk_main().

Also, this change doesn't do anything about the use of *GDK*
deprecated functions, because those include the entire family of
old-style drawing functions - i.e. the only way to build cleanly with
-DGDK_DISABLE_DEPRECATED will be to switch to Cairo drawing.
2015-08-08 18:30:55 +01:00
Simon Tatham
5e55b7a978 Switch to using gtk_window_parse_geometry in GTK 2.
On GTK versions where it's available, this is a much nicer way of
handling the -geometry command-line option, since not only do we get
all the faffing about with gravity for free, it also automatically
sets the user-position WM hints.
2015-08-08 18:23:38 +01:00
Simon Tatham
fbb7c8c481 GTK 3 prep: replace GtkFileSelection with GtkFileChooserDialog.
I've put in a special #define to control this selection, in case I
decide that for reasons of taste I'd prefer to switch back to
GtkFileSelection in GTK2 which supports both!
2015-08-08 17:56:30 +01:00
Simon Tatham
961fd07d08 GTK 3 prep: use gtk_color_selection_get_current_color().
Replaces the deprecated gtk_color_selection_set_color() which took an
array of four doubles (RGBA), and instead takes a 'GdkColor' struct
containing four 16-bit integers.

For GTK1, we still have to retain the original version.
2015-08-08 17:56:28 +01:00
Simon Tatham
1e4273a929 GTK 3 prep: use the glib names for base object types.
All the things like GtkType, GtkObject, gtk_signal_connect and so on
should now consistently have the new-style glib names like GType,
GObject, g_signal_connect, etc.
2015-08-08 17:55:10 +01:00
Simon Tatham
2ac190c06d Allow direct use of X11 to be conditionally compiled out.
A major aim of introducing GTK 3 support is to permit compiling for
non-X11 platforms that GTK 3 supports, so I'm going to need to be able
to build as a pure GTK application with no use of X11 internals.
Naturally, I don't intend to stop supporting the hybrid GTK+X11 mode
in which X server-side bitmap fonts are available.

Use of X11 can be removed by compiling with -DNOT_X_WINDOWS. That's
the same compatibility flag that was already used by the unfinished OS
X port to disable the X-specific parts of uxpty.c; now it just applies
to more source files.

(There's no 'configure' option to set this flag at present. I haven't
worked out whether we'll need one yet.)
2015-08-08 17:54:27 +01:00
Simon Tatham
a6ccb8e720 GTK 3 prep: use GDK_KEY_<keyname> constants, not GDK_<keyname>.
GTK 2 doesn't _documentedly_ provide a helpful compile option to let
us check this one in advance of GTK 3, but you can fake one anyway by
compiling with -D__GDK_KEYSYMS_COMPAT_H__, so that gdkkeysyms-compat.h
will believe that it's already been included :-) We now build cleanly
under GTK 2 with that predefine.
2015-08-08 17:54:27 +01:00
Simon Tatham
0a3e593959 GTK 3 prep: use accessor functions for object data fields.
We now build cleanly in GTK2 with -DGSEAL_ENABLE.
2015-08-08 17:54:19 +01:00
Simon Tatham
8ee12773d8 GTK 3 prep: do not include individual GTK/GDK headers.
This is the first of several cleanup steps recommended by the GTK 2->3
migration guide.

I intend to begin work towards compatibility with GTK 3, but without
breaking GTK 2 and even GTK 1 compatibility in the process; GTK 2 is
still useful to _me_ (not least because it permits much easier support
of old-style server-side X11 fonts), and I recall hearing a rumour
that at least one kind of strange system can only run GTK 1, so for
the moment I don't intend to stop supporting either.

Including gdkkeysyms.h is not optional in GTK 2, because gdk.h does
not include it. In GTK 3 it does, so we don't explicitly reinclude it
ourselves.

We now build cleanly in GTK2 with -DGTK_DISABLE_SINGLE_INCLUDES. (But
that doesn't say much, because we did already! Apparently gdkkeysyms.h
was a special case which that #define didn't forbid.)
2015-08-08 15:10:43 +01:00
Simon Tatham
824ad9430c Make gtkask.c compile under GTK 1.
This is less than ideal - passphrase input now happens in ISO 8859-1,
and the passphrase prompt window is neither centred nor always-on-top.
But it basically works, and restores bare-minimum GTK 1 support to the
codebase as a whole.
2015-08-08 15:10:43 +01:00
Simon Tatham
4eddcb4c56 Fix braino in gtkask.c loop conditions.
If you're counting up to ms_limit in steps of ms_step, it's silly to
add ms_step at the end of the loop body _and_ increment the loop
variable by 1 in the loop header. I must have been half asleep.
2015-07-28 18:49:23 +01:00
Ben Harris
d21041f7f8 Add have_ssh_host_key() and use it to influence algorithm selection.
The general plan is that if PuTTY knows a host key for a server, it
should preferentially ask for the same type of key so that there's some
chance of actually getting the same key again.  This should mean that
when a server (or PuTTY) adds a new host key type, PuTTY doesn't
gratuitously switch to that key type and then warn the user about an
unrecognised key.
2015-05-30 01:01:36 +01:00
Simon Tatham
5ea2f3065e Unix Pageant: man page and online help.
I think Unix Pageant is now more or less usable, though of course I
wouldn't blame anyone for sticking with other SSH agent solutions.
2015-05-19 18:24:04 +01:00
Simon Tatham
35fde00fd1 Fix a compile warning with -DDEBUG.
An unguarded write() in the dputs function caused gcc -Werror to fail
to compile. I'm confused that this hasn't bitten me before, though -
obviously normal builds of PuTTY condition out the faulty code, but
_surely_ this can't be the first time I've enabled the developer
diagnostics since gcc started complaining about unchecked syscall
returns!
2015-05-18 21:17:21 +01:00
Simon Tatham
c8f83979a3 Log identifying information for the other end of connections.
When anyone connects to a PuTTY tool's listening socket - whether it's
a user of a local->remote port forwarding, a connection-sharing
downstream or a client of Pageant - we'd like to log as much
information as we can find out about where the connection came from.

To that end, I've implemented a function sk_peer_info() in the socket
abstraction, which returns a freeform text string as best it can (or
NULL, if it can't get anything at all) describing the thing at the
other end of the connection. For TCP connections, this is done using
getpeername() to get an IP address and port in the obvious way; for
Unix-domain sockets, we attempt SO_PEERCRED (conditionalised on some
moderately hairy autoconfery) to get the pid and owner of the peer. I
haven't implemented anything for Windows named pipes, but I will if I
hear of anything useful.
2015-05-18 14:03:10 +01:00
Simon Tatham
454fe4fdf7 askpass: don't treat releases of Ret or Esc as presses.
Caused an embarrassing failure just now trying to run the test program
from a command prompt - I had Return still held down by the time it
started up, and my release of it immediately terminated input :-)
2015-05-17 16:40:36 +01:00
Simon Tatham
89da2ddf56 Giant const-correctness patch of doom!
Having found a lot of unfixed constness issues in recent development,
I thought perhaps it was time to get proactive, so I compiled the
whole codebase with -Wwrite-strings. That turned up a huge load of
const problems, which I've fixed in this commit: the Unix build now
goes cleanly through with -Wwrite-strings, and the Windows build is as
close as I could get it (there are some lingering issues due to
occasional Windows API functions like AcquireCredentialsHandle not
having the right constness).

Notable fallout beyond the purely mechanical changing of types:
 - the stuff saved by cmdline_save_param() is now explicitly
   dupstr()ed, and freed in cmdline_run_saved.
 - I couldn't make both string arguments to cmdline_process_param()
   const, because it intentionally writes to one of them in the case
   where it's the argument to -pw (in the vain hope of being at least
   slightly friendly to 'ps'), so elsewhere I had to temporarily
   dupstr() something for the sake of passing it to that function
 - I had to invent a silly parallel version of const_cmp() so I could
   pass const string literals in to lookup functions.
 - stripslashes() in pscp.c and psftp.c has the annoying strchr nature
2015-05-15 12:47:44 +01:00
Simon Tatham
b5fd5969f4 Unix Pageant: fix further double-frees.
No need to sfree(err) before going to the cleanup code, because the
whole point of shared cleanup code is that that will do it for us.
2015-05-15 11:02:51 +01:00
Simon Tatham
a5fc95b715 Const-correctness of name fields in struct ssh_*.
All the name strings in ssh_cipher, ssh_mac, ssh_hash, ssh_signkey
point to compile-time string literals, hence should obviously be const
char *.

Most of these const-correctness patches are just a mechanical job of
adding a 'const' in the one place you need it right now, and then
chasing the implications through the code adding further consts until
it compiles. But this one has actually shown up a bug: the 'algorithm'
output parameter in ssh2_userkey_loadpub was sometimes returning a
pointer to a string literal, and sometimes a pointer to dynamically
allocated memory, so callers were forced to either sometimes leak
memory or sometimes free a bad thing. Now it's consistently
dynamically allocated, and should be freed everywhere too.
2015-05-15 10:12:06 +01:00
Simon Tatham
75b7ba26d3 Unix Pageant: implement GUI passphrase prompting.
I've written my own analogue of OpenSSH's ssh-askpass. At the moment,
it's contained inside Pageant proper, though it could easily be
compiled into a standalone binary as well or instead.

Unlike OpenSSH's version, I don't use a GTK edit box; instead I just
process key events myself and append them to a buffer. The big
advantage of doing this is that I can arrange for ^W and ^U to
function as they do in terminal line editing, i.e. delete a word or
delete the whole line.

^W in particular is really valuable when typing a multiple-word
passphrase unseen. If you feel yourself making the kind of typo in
which you're not sure if you pressed six keys or just five, you can
hit ^W and restart just that word, without either having to go right
back to the beginning or carry on and see if you feel lucky.

A delete-word function would of course be an information leak in even
an obscured edit box (displaying a blob per character), so instead I
give a visual acknowledgment of keypresses by a more ad-hoc means: I
display three lights in the box, and every meaningful keypress turns
off the currently active one and instead turns on a randomly selected
one of the others. (So the lit light doesn't even indicate _mod 3_ how
many keys have been pressed.)
2015-05-13 15:34:03 +01:00
Simon Tatham
460c45dd23 Unix Pageant: factor out have_controlling_tty().
I'm going to want to reuse it when deciding on a passphrase-prompting
strategy.
2015-05-13 14:00:29 +01:00
Simon Tatham
a181639521 Unix Pageant: fix a double-free when adding keys.
I had freed the comment string coming back from pageant_add_keyfile,
but not NULLed out the pointer, so that the cleanup code at the end of
the function would have freed it again.
2015-05-13 14:00:26 +01:00
Simon Tatham
c6c23ed84b Unix Pageant: support -D, to delete all keys. 2015-05-12 14:56:39 +01:00
Simon Tatham
e533097e15 Unix Pageant: provide public-key extraction options.
I've decided against implementing an option exactly analogous to
'ssh-add -L' (printing the full public key of everything in the
agent). Instead, you can identify a specific key to display in full,
by any of the same means -d lets you use, and then print it in either
of the public key formats we support.
2015-05-12 14:56:39 +01:00
Simon Tatham
4d88fe3dde Unix Pageant: support -d, to delete a key from the agent.
Unlike ssh-add, we can identify the key by its comment or by a prefix
of its fingerprint as well as using a public key file on disk. The
string given as an argument to -d is interpreted as whichever of those
things matches; disambiguating prefixes are available if needed.
2015-05-12 14:56:25 +01:00
Simon Tatham
511d967d25 Unix Pageant: first draft of -l key list option.
It doesn't look very pretty at the moment, but it lists the keys and
gets the fingerprints right.
2015-05-11 18:45:34 +01:00
Simon Tatham
af20ed5799 Unix Pageant: support loading keys.
You can now load keys at Pageant init time, by putting the key file
names as bare arguments on the command line, e.g. 'pageant -T key.ppk'
or 'pageant key.ppk --exec some command'; also, 'pageant -a key.ppk'
behaves more or less like ssh-add, contacting an existing agent to add
the key.

The askpass() function currently supports terminal-based prompting
only. X11 askpass is yet to be implemented.
2015-05-11 18:07:14 +01:00
Simon Tatham
cd528f3e76 Unix Pageant: link in uxagentc.c and uxcons.c.
This brings in the code we'll need to request passphrases from the
terminal, and to talk to an existing SSH agent as a client.

Adding uxcons.c required adjusting the set of stub functions in
uxpgnt.c: uxcons.c removed the need for several, but added one of its
own (log_eventlog). A net win, though.
2015-05-11 18:06:13 +01:00
Simon Tatham
da944972d8 Unix Pageant: prepare to add client-side modes.
I've moved the setup and running of the actual agent server into
run_agent(), so that main() is now only command-line parsing and
validation. We recognise a collection of new command-line options for
talking to an existing agent as a client (analogous to ssh-add), which
go to a new run_client() function, but I haven't filled in that
function itself yet.
2015-05-11 17:56:37 +01:00
Simon Tatham
b4f17f26e3 Support synchronous agent requests on Unix.
This is only intended for use in Unix Pageant; for any application
that's actually trying to get something else useful done at the same
time as the agent request is pending, it's much more sensible to use
the more rigorous existing approach of requesting a callback once the
agent request is answered.

Adding this mode is the easiest way to allow Unix Pageant's
command-line key loading to work, but it doesn't solve the underlying
problem that the supposedly cross-platform pageant_add_keyfile will
not work on a platform where we really _are_ constrained to do agent
requests asynchronously (perhaps because we're a GUI app in some
system that doesn't let us control our own top-level event loop).

If and when that situation arises, I'll have no choice but to turn
pageant_add_keyfile and friends (specifically, any function in
pageant.c that calls agent_query) into coroutine-structured functions,
and have clients call them repeatedly until they return 'finished'.

But for now, this is a lot easier!
2015-05-11 17:52:19 +01:00
Simon Tatham
8228085c54 Unix Pageant: move handling of --exec arguments.
Now --exec instantly terminates option processing, by treating
everything after it as the command. This means it doesn't matter if
the --exec command word looks like another option, and it also means
we can simplify the handling of real non-option argument words, when I
get round to adding some for loading keys.
2015-05-11 15:49:09 +01:00
Simon Tatham
c59c6a8db9 Unix Pageant: -T option, tying lifetime to controlling tty.
This is intended to be a useful mode when you want to run an ssh agent
in a terminal session with no X11 available. You just execute a
command along the lines of eval $(pageant -T), and then Pageant will
run in the background for the rest of that terminal session - and when
the terminal session ends, so that Pageant loses its controlling tty,
it will take that as the signal to shut down. So, no need to manually
kill it, and unlike 'pageant --exec $SHELL', you can also do this half
way through a session if you don't realise until later that you need
an SSH agent, without losing any shell command history or other shell
context that you've accumulated so far in the session.

Unfortunately, I haven't been able to find any reliable way to
actually implement this -T mode, short of having Pageant wake up at
regular intervals and try to open /dev/tty to see if it's still there.
I had hoped that I could arrange to reliably get SIGHUP, or select on
/dev/tty for exceptional conditions, or some such, but nothing I've
tried along those lines seems to work.
2015-05-11 13:12:47 +01:00
Simon Tatham
42c592c4ef Completely remove the privdata mechanism in dialog.h.
The last use of it, to store the contents of the saved session name
edit box, was removed nearly two years ago in svn r9923 and replaced
by ctrl_alloc_with_free. The mechanism has been unused ever since
then, and I suspect any further uses of it would be a bad idea for the
same reasons, so let's get rid of it.
2015-05-08 19:04:16 +01:00
Simon Tatham
f4956a1f9d Fix two small memory leaks in config mechanism.
The memory dangling off ssd->sesslist should be freed when ssd itself
goes away, and the font settings ctrlset we delete in gtkcfg.c should
be freed as well once it's been removed from its containing array.

Thanks to Ranjini Aravind for pointing these out.
2015-05-08 18:57:18 +01:00
Simon Tatham
47c9a6ef0b Clean up Unix Pageant's setup and teardown.
I've moved the listening socket setup back to before the lifetime
preparations, so in particular we find out that we couldn't bind to
the socket _before_ we fork. The only part that really needed to come
after lifetime setup was the logging setup, so that's now a separate
function called later.

Also, the random exit(0)s in silly places like x11_closing have turned
into setting a time_to_die flag, so that all clean exits funnel back
to the end of main() which at least tries to tidy up a bit afterwards.

(Finally, fixed a small bug in testing the return value of waitpid(),
which only showed up once we didn't exit(0) after the first wait.
Ahem.)
2015-05-07 19:06:12 +01:00
Simon Tatham
bc4066e454 Put proper logging into Pageant.
Now it actually logs all its requests and responses, the fingerprints
of keys mentioned in all messages, and so on.

I've also added the -v option, which causes Pageant in any mode to
direct that logging information to standard error. In --debug mode,
however, the logging output goes to standard output instead (because
when debugging, that information changes from a side effect to the
thing you actually wanted in the first place :-).

An internal tweak: the logging functions now take a va_list rather
than an actual variadic argument list, so that I can pass it through
several functions.
2015-05-06 19:45:04 +01:00
Simon Tatham
340143cea7 Remove some FIXMEs left in from initial work.
LIFE_EXEC is already dealt with, and I forgot to take out the comment
reminding me to do it, ahem.

The LIFE_PARENT mentioned in the same comment was an idea I had but
couldn't think of a way to make it work: if you have a terminal-only
shell session in which you want to eval $(ssh-agent), then it's
annoying and fragile to have to remember to kill the agent when you
log out, so you'd like it to automatically tie its lifetime to that of
the shell from which you invoked it. Unfortunately, I don't know of
any way to do that without race conditions. (E.g. if only pageant
didn't fork, then it could poll its own ppid until it became 1 - but
the child process would find it was 1 already.)
2015-05-06 18:08:05 +01:00
Simon Tatham
c52108234b Provide a Unix port of Pageant.
This is much more like ssh-agent than the Windows version is - it sets
SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other
processes, rather than Windows Pageant's approach of establishing
itself in a well-known location. But the actual agent code is the same
as Windows Pageant.

For the moment, this is an experimental utility and I don't expect it
to be useful to many people; its immediate use to me is that it
provides a way to test and debug the agent code on Unix, and also to
use the agent interface as a convenient way to exercise public key
functions I want to debug. And of course it means I can be constantly
using and testing my own code, on whatever platform I happen to be
using. In the further future, I have a list of possible features I
might add to it, but I don't know which ones I'll decide are
worthwhile.

One feature I've already put in is a wider range of lifetime
management options than ssh-agent: the -X mode causes Pageant to make
a connection to your X display, and automatically terminate when that
connection closes, so that it has the same lifetime as your X session
without having to do the cumbersome trick of exec()ing the subsequent
session-management process.
2015-05-05 20:16:23 +01:00
Simon Tatham
76e2ffe49d Move make_dir_and_check_ours() out into uxmisc.c.
I'm going to want to use it for a second purpose in a minute.
2015-05-05 20:16:22 +01:00
Jacob Nevins
954df095f4 Merge branch 'pre-0.64' 2015-01-08 23:50:34 +00:00
Jacob Nevins
3a9ce5074d Use local username consistently in Unix Plink.
It tries to use the local username as the remote username if it has no
better ideas, but the presence of Default Settings would defeat this,
even if it had no username set. Reported by Jonathan Amery.
2015-01-05 23:51:12 +00:00
Jacob Nevins
5904545cc1 Merge branch 'pre-0.64' 2015-01-05 23:49:25 +00:00
Jacob Nevins
f3685eb948 Fix a copy-and-pasted comment. 2015-01-05 23:48:11 +00:00
Jacob Nevins
bff08a95e7 It's a new year. 2015-01-05 23:48:11 +00:00
Simon Tatham
23208779e7 Merge branch 'pre-0.64' 2014-12-20 18:52:40 +00:00
Simon Tatham
fe24f4dfba Add a missing freeaddrinfo() in Unix sk_newlistener.
If we use getaddrinfo to translate the source IP address into a
sockaddr, then we need to freeaddrinfo the returned data later. Patch
due to Tim Kosse.
2014-12-20 17:00:01 +00:00
Simon Tatham
d23c0972cd Merge branch 'pre-0.64' 2014-11-22 16:42:01 +00:00
Simon Tatham
8c09f85a64 Stop referring to Plink as "PuTTY Link".
I don't think anyone has ever actually called it that, colloquially
_or_ formally, and if anyone ever did (in a bug report, say) I'd
probably have to stop and think to work out what they meant. It's
universally called Plink, and should be officially so as well :-)
2014-11-22 16:39:25 +00:00
Simon Tatham
c269dd0135 Move echo/edit state change functionality out of ldisc_send.
I'm not actually sure why we've always had back ends notify ldisc of
changes to echo/edit settings by giving ldisc_send(ldisc,NULL,0,0) a
special meaning, instead of by having a separate dedicated notify
function with its own prototype and parameter set. Coverity's recent
observation that the two kinds of call don't even have the same
requirements on the ldisc (particularly, whether ldisc->term can be
NULL) makes me realise that it's really high time I separated the two
conceptually different operations into actually different functions.

While I'm here, I've renamed the confusing ldisc_update() function
which that special operation ends up feeding to, because it's not
actually a function applying to an ldisc - it applies to a front end.
So ldisc_send(ldisc,NULL,0,0) is now ldisc_echoedit_update(ldisc), and
that in turn figures out the current echo/edit settings before passing
them on to frontend_echoedit_update(). I think that should be clearer.
2014-11-22 16:18:00 +00:00
Jacob Nevins
38ec5cbb6b Merge Gtk event log fix from 'pre-0.64'. 2014-11-08 22:22:49 +00:00
Jacob Nevins
a45f4c2955 Fix a double-free in the Gtk event log.
It could occur some time after a line was selected in the event log
window.
2014-11-08 22:22:34 +00:00
Simon Tatham
880421a9af Add Christopher Staite to the list of copyright holders. 2014-11-02 18:16:54 +00:00
Jacob Nevins
a44a6c3c54 Move -sercfg out of the "SSH only" section of command-line help.
[originally from svn r10230]
2014-09-20 22:51:27 +00:00
Jacob Nevins
addf6219bd Update command-line help and man pages for -hostkey.
[originally from svn r10229]
2014-09-20 22:49:47 +00:00
Simon Tatham
24cd95b6f9 Change the naming policy for connection-sharing Unix sockets.
I had initially assumed that, since all of a user's per-connection
subdirectories live inside a top-level putty-connshare.$USER directory
that's not accessible to anyone else, there would be no need to
obfuscate the names of the internal directories for privacy, because
nobody would be able to look at them anyway.

Unfortunately, that's not true: 'netstat -ax' run by any user will
show up the full pathnames of Unix-domain sockets, including pathname
components that you wouldn't have had the access to go and look at
directly. So the Unix connection sharing socket names do need to be
obfuscated after all.

Since Unix doesn't have Windows's CryptProtectMemory, we have to do
this manually, by creating a file of random salt data inside the
top-level putty-connshare directory (if there isn't one there already)
and then hashing that salt with the "user@host" connection identifier
to get the socket directory name. What a pain.

[originally from svn r10222]
2014-09-09 12:47:39 +00:00
Simon Tatham
f3860ec95e Add an option to suppress horizontal scroll bars in list boxes.
I'm about to add a list box which expects to contain some very long
but uninformative strings, and which is also quite vertically squashed
so there's not much room for a horizontal scroll bar to appear in it.
So here's an option in the list box specification structure which
causes the constructed GTKTreeView to use the 'ellipsize' option for
all its cell renderers, i.e. too-long strings are truncated with an
ellipsis.

Windows needs no change, because its list boxes already work this way.

[originally from svn r10219]
2014-09-09 11:46:14 +00:00
Simon Tatham
bc8de8a331 Another fix to timer handling.
Robert de Bath points out that failure to remove the timer whose
callback returned FALSE may not have been the cause of runaway timer
explosion; another possibility is that a function called from
timer_trigger()'s call to run_timers() has already set a timer up by
the time run_timers() returns, and then we set another one up on top
of it. Fix that too.

[originally from svn r10206]
2014-07-13 07:49:29 +00:00
Simon Tatham
4647eded7c Work around a timer leak with GTK 2.4.22 on openSUSE 13.1.
Mihkel Ader reports that on that system, timers apparently aren't
getting auto-destroyed when timer_trigger returns FALSE, so the change
in r10181 has caused GTK PuTTY to gradually allocate more and more
timers and consume more and more CPU as they all keep firing.

As far as I can see, this must surely be a bug in GTK 2 (the docs say
that timers _are_ auto-destroyed when their callback returns false),
and it doesn't seem to happen for me with GTK 2.4.23 on Ubuntu 14.04.
However, I'll try to work around it by _explicitly_ destroying each
old timer before we zero out the variable containing its id.

[originally from svn r10202]
[r10181 == e4c4bd2092]
2014-07-08 22:22:12 +00:00
Simon Tatham
e4c4bd2092 Fix an annoying warning from GTK on Ubuntu 14.04.
Timer objects evaporate when our timer_trigger callback is called, and
therefore we should not remember their ids beyond that time and
attempt to cancel them later. Previous versions of GTK silently
ignored us doing that, but upgrading to Ubuntu Trusty has given me a
version of GTK that complains about it, so let's stop doing it.

[originally from svn r10181]
2014-04-20 16:48:18 +00:00
Simon Tatham
a947c49bec Move the Unix configure script up to the top level.
Previously, 'configure' and its assorted machinery lived in the 'unix'
subdir, because that seemed like a clean place to keep it given that
all the other per-platform Makefiles live in their platform
directories. However, this never sat all that happily with autotools,
and even less so now that it likes to have object file pathnames
parallel source file pathnames: if you have Makefile.am refer to
source files outside its subdir as "../terminal.c" and enable
subdir-objects then any out-of-tree build calls the corresponding
object file "../terminal.o" and so your build products mostly end up
at the directory above your build dir! And as of autotools 1.14 my
previous compensatory bodge of prefixing every source file path in
Makefile.am with "$(srcdir)" has stopped working too.

So I'm giving in to necessity, and changing policy by moving the
configure machinery up to the top level of the source tree where
autotools will be less confused by it. This should not be taken as any
indication of the primacy of the Unix port, only of the recalcitrance
of autotools.

Whereas before we had a trivial script called 'configure' at the top
level that invoked unix/configure to effectively do an 'out-of-tree
build' (for make purposes) at the top level of the source tree, we now
have a similar script in unix/configure. So this _should_ make very
little difference: people who were previously running configure from
the top level should still be able to, and likewise people who were
running it from the unix subdir.

[originally from svn r10141]
2014-02-22 18:01:32 +00:00
Simon Tatham
f272ea88db Enable xterm mouse reporting of wheel actions in GTK.
I had somehow missed this completely out of the GTK mouse-button
handling and never noticed until now!

Of course, like any other mouse action, if you want it to be handled
locally rather than passed through then you can hold down Shift.

[originally from svn r10139]
2014-02-16 16:40:46 +00:00
Simon Tatham
0f04cab151 Revert half of r10135, and re-fix properly.
One of my changes in uxnet.c was outside the NO_IPV6 ifdef, and broke
compilation in the normal mode. Revert all changes in that file and
replace with a reference to the 'step' parameter in the no-IPv6
version of the SOCKADDR_FAMILY macro, so that those warnings are
squelched anyway.

[originally from svn r10136]
[r10135 == e00a004e64]
2014-02-05 21:51:25 +00:00
Simon Tatham
e00a004e64 Fix warnings when compiling with -DNO_IPV6.
A user pointed out that 'family' was uninitialised in config.c, and
when I tried test-building with -DNO_IPV6 (and the usual -Werror, of
course) some unused variables showed up in uxnet.c too.

[originally from svn r10135]
2014-02-04 22:37:53 +00:00
Simon Tatham
2b70f39061 Avoid misidentifying unbracketed IPv6 literals as host:port.
Both GUI PuTTY front ends have a piece of logic whereby a string is
interpreted as host:port if there's _one_ colon in it, but if there's
more than one colon then it's assumed to be an IPv6 literal with no
trailing port number. This permits the PuTTY command line to take
strings such as 'host', 'host:22' or '[::1]:22', but also cope with a
bare v6 literal such as '::1'.

This logic is also required in the two Plink front ends and in the
processing of CONF_loghost for host key indexing in ssh.c, but was
missing in all those places. Add it.

[originally from svn r10121]
2014-01-25 15:58:57 +00:00
Simon Tatham
8da4fa5063 Use the new host_str* functions to improve IPv6 literal support.
I've gone through everywhere we handle host names / addresses (on
command lines, in PuTTY config, in port forwarding, in X display
names, in host key storage...) and tried to make them handle IPv6
literals sensibly, by using the host_str* functions I introduced in my
previous commit. Generally it's now OK to use a bracketed IPv6 literal
anywhere a hostname might have been valid; in a few cases where no
ambiguity exists (e.g. no :port suffix is permitted anyway)
unbracketed IPv6 literals are also acceptable.

[originally from svn r10120]
2014-01-25 15:58:54 +00:00
Jacob Nevins
bd119b1fba It's a new year.
[originally from svn r10114]
2014-01-15 23:57:54 +00:00
Simon Tatham
df1eee6027 Make GTK idle and quit function setup idempotent.
I found last week that when a local proxy process terminated
unexpectedly, Unix PuTTY went into a tight loop calling quit
functions, because if idle_toplevel_callback_func is called from
inside a subsidiary gtk_main then it will schedule a quit function and
_not_ disable itself, so that that quit function keeps being
rescheduled on subsequent calls.

To fix, I've tried to make the whole handling of idle and quit
functions more sensibly robust: we keep our own boolean flag
indicating whether each of our functions has already been scheduled
with GTK, and if so, we don't schedule the same one again. Also, when
idle_toplevel_callback_func schedules a quit function, it should
unschedule itself since it's now done everything it can until a
gtk_main instance quits.

[originally from svn r10100]
2013-11-30 18:04:57 +00:00
Simon Tatham
b12fbeffd6 Restore compatibility with older autoconfs.
The one in Ubuntu 10.04 doesn't know what AM_PROG_AR means, so
configure.ac was broken in r10053 when fixing compatibility with later
versions; you can't win...

[originally from svn r10086]
[r10053 == 2d9cc79d53]
2013-11-18 19:07:11 +00:00
Simon Tatham
85d1e7608e Fix an assortment of dupprintf() format string bugs.
I've enabled gcc's format-string checking on dupprintf, by declaring
it in misc.h to have the appropriate GNU-specific attribute. This
pointed out a selection of warnings, which I've fixed.

[originally from svn r10084]
2013-11-17 14:05:44 +00:00
Simon Tatham
bb78583ad2 Implement connection sharing between instances of PuTTY.
The basic strategy is described at the top of the new source file
sshshare.c. In very brief: an 'upstream' PuTTY opens a Unix-domain
socket or Windows named pipe, and listens for connections from other
PuTTYs wanting to run sessions on the same server. The protocol spoken
down that socket/pipe is essentially the bare ssh-connection protocol,
using a trivial binary packet protocol with no encryption, and the
upstream has to do some fiddly transformations that I've been
referring to as 'channel-number NAT' to avoid resource clashes between
the sessions it's managing.

This is quite different from OpenSSH's approach of using the Unix-
domain socket as a means of passing file descriptors around; the main
reason for that is that fd-passing is Unix-specific but this system
has to work on Windows too. However, there are additional advantages,
such as making it easy for each downstream PuTTY to run its own
independent set of port and X11 forwardings (though the method for
making the latter work is quite painful).

Sharing is off by default, but configuration is intended to be very
easy in the normal case - just tick one box in the SSH config panel
and everything else happens automatically.

[originally from svn r10083]
2013-11-17 14:05:41 +00:00
Simon Tatham
8be6fbaa09 Remove sk_{get,set}_private_ptr completely!
It was only actually used in X11 and port forwarding, to find internal
state structures given only the Socket that ssh.c held. So now that
that lookup has been reworked to be the sensible way round,
private_ptr is no longer used for anything and can be removed.

[originally from svn r10075]
2013-11-17 14:04:48 +00:00
Simon Tatham
489590cbd4 Reliably initialise uxnet's socket fd fields to -1.
This prevents embarrassing mess-ups involving getting back a Socket
which has mostly been memset to 0 but contains an error message,
sk_close()ing it to free the memory, and finding that standard input
has been closed as a side effect.

[originally from svn r10073]
2013-11-17 14:04:33 +00:00
Simon Tatham
6f6e9db932 Add support in uxnet.c for Unix-domain listening sockets.
There are two new functions: one to construct a SockAddr wrapping a
Unix socket pathname (which can also be used as the destination for
new_connection), and one to establish a new listening Unix-domain
socket.

[originally from svn r10072]
2013-11-17 14:04:29 +00:00
Simon Tatham
19fba3fe55 Replace the hacky 'OSSocket' type with a closure.
The mechanism for constructing a new connection-type Socket when a
listening one receives an incoming connection previously worked by
passing a platform-specific 'OSSocket' type to the plug_accepting
function, which would then call sk_register to wrap it with a proper
Socket instance. This is less flexible than ideal, because it presumes
that only one kind of OS object might ever need to be turned into a
Socket. So I've replaced OSSocket throughout the code base with a pair
of parameters consisting of a function pointer and a context such that
passing the latter to the former returns the appropriate Socket; this
will permit different classes of listening Socket to pass different
function pointers.

In deference to the reality that OSSockets tend to be small integers
or pointer-sized OS handles, I've made the context parameter an
int/pointer union that can hold either of those directly, rather than
the usual approach of making it a plain 'void *' and requiring a
context structure to be dynamically allocated every time.

[originally from svn r10068]
2013-11-17 14:03:55 +00:00
Simon Tatham
2d9cc79d53 Fix build failures on Ubuntu 13.10.
Automake now insists that we run AM_PROG_AR if we're going to build a
library, and AM_PROG_CC_C_O if we're going to build anything with
extra compile options. Those extra macros seem harmless in previous
versions of automake.

[originally from svn r10053]
2013-10-26 14:00:10 +00:00
Simon Tatham
7223973988 Fix cut-and-paste errors in nonfatal() implementations.
Unix GUI programs should not say 'Fatal Error' in the message box
title, and Plink should not destroy its logging context as a side
effect of printing a non-fatal error. Both appear to have been due to
inattentive cut and paste from the pre-existing fatal error functions.

[originally from svn r10044]
2013-09-23 14:35:08 +00:00
Simon Tatham
5c4ce2fadf Only run one toplevel callback per event loop iteration.
This change attempts to reinstate as a universal property something
which was sporadically true of the ad-hockery that came before
toplevel callbacks: that if there's a _very long_ queue of things to
be done through the callback mechanism, the doing of them will be
interleaved with re-checks of other event sources, which might (e.g.)
cause a flag to be set which makes the next callback decide not to do
anything after all.

[originally from svn r10040]
2013-09-15 14:05:31 +00:00
Simon Tatham
6805bdcd6a Don't run toplevel callbacks in modal dialogs.
Because some of them can call gtk_main_quit(), which completely
confuses the dialog box system.

[originally from svn r10029]
2013-08-18 10:56:20 +00:00
Simon Tatham
d35a41f6ba Revamp net_pending_errors using toplevel callbacks.
Again, I've removed the special-purpose ad-hockery from the assorted
front end message loops that dealt with deferred handling of socket
errors, and instead uxnet.c and winnet.c arrange that for themselves
by calling the new general top-level callback mechanism.

[originally from svn r10023]
2013-08-17 16:06:27 +00:00
Simon Tatham
a44366585f Revamp GTK's session close handling using toplevel callbacks.
Instead of having a special GTK idle function for dealing with session
closing, I now use the new top-level callback mechanism which is
slightly simpler for calling a one-off function.

Also in this commit, I've arranged for connection_fatal to queue a
call to the same session close function after displaying the message
box, with the effect that now all the same processing takes place no
matter whether the session closes cleanly or uncleanly - e.g. the SSH
specials submenu is cleaned out, as it should be.

[originally from svn r10022]
2013-08-17 16:06:22 +00:00
Simon Tatham
7be9af74ec Revamp the terminal paste mechanism using toplevel callbacks.
I've removed the ad-hoc front-end bodgery in the Windows and GTK ports
to arrange for term_paste to be called at the right moments, and
instead, terminal.c itself deals with knowing when to send the next
chunk of pasted data using a combination of timers and the new
top-level callback mechanism.

As a happy side effect, it's now all in one place so I can actually
understand what it's doing! It turns out that what all that confusing
code was up to is: send a line of pasted data, and delay sending the
next line until either a CR or LF is returned from the server
(typically indicating that the pasted text has been received and
echoed) or 450ms elapse, whichever comes first.

[originally from svn r10020]
2013-08-17 16:06:12 +00:00
Simon Tatham
75c79e318f Add a general way to request an immediate top-level callback.
This is a little like schedule_timer, in that the callback you provide
will be run from the top-level message loop of whatever application
you're in; but unlike the timer mechanism, it will happen
_immediately_.

The aim is to provide a general way to avoid re-entrance of code, in
cases where just _doing_ the thing you want done is liable to trigger
a confusing recursive call to the function in which you came to the
decision to do it; instead, you just request a top-level callback at
the message loop's earliest convenience, and do it then.

[originally from svn r10019]
2013-08-17 16:06:08 +00:00
Jacob Nevins
0cc6fb8bfe Belatedly update the copyright year to 2013.
[originally from svn r9993]
[this svn revision also touched putty-website]
2013-08-05 15:15:17 +00:00
Simon Tatham
808df44e54 Add an assortment of missing consts I've just noticed.
[originally from svn r9972]
2013-07-27 18:35:48 +00:00
Simon Tatham
61e555ec79 Rationalise null pointer checks in both decode_codepage functions, so
that decode_codepage(NULL) and decode_codepage("") both return the
default character set.

[originally from svn r9961]
2013-07-22 07:12:05 +00:00
Simon Tatham
7426b8f215 Completely remove the 'frozen_readable' mechanism from uxnet.c. It
parallels a similar mechanism in winnet.c and came over by copy and
paste, but is pointless in the Unix networking API.

On Windows, if you're using a mechanism such as WSAAsyncSelect which
delivers readability notifications as messages rather than return
values from a system call, you only get notified that a socket is
readable once - it remembers that it's told you, and doesn't tell you
again until after you've done a read. So in the case where we
intentionally stop reading from a socket because our local buffer is
full, and later want to start reading again, we do a read from the
socket with MSG_PEEK set, and that clears Windows's flag and tells it
to start sending us readability notifications again.

On Unix, select() and friends didn't do anything so strange in the
first place, so the whole mechanism is unnecessary.

[originally from svn r9951]
2013-07-21 07:40:36 +00:00
Simon Tatham
77791de4e1 Fix error checking in uxstore.c: add a missing check, and fix a
mis-cut-and-pasted one.

[originally from svn r9950]
2013-07-21 07:40:30 +00:00
Simon Tatham
f1d6fa4712 When I turned fcntls into noncloexecs in r9940, I missed one.
[originally from svn r9949]
[r9940 == b426872219]
2013-07-21 07:40:28 +00:00
Simon Tatham
08d46fca51 Two more memory leak fixes, on error paths I didn't spot in r9919.
[originally from svn r9948]
[r9919 == ea301bdd9b]
2013-07-21 07:40:26 +00:00
Simon Tatham
adf8b3222f Fix leak of 'fname' introduced by the rewrite of write_random_seed in
r9933.

[originally from svn r9945]
[r9933 == 2854ae1f33]
2013-07-20 13:15:16 +00:00
Simon Tatham
3af26af19e Redo a mis-fix of a memory leak in r9919: I added sfree(data)
immediately after conf_deserialise in the Duplicate Session receiver,
whereas I should have put it after the subsequent loop that extracts
the pty argv if any.

[originally from svn r9943]
[r9919 == ea301bdd9b]
2013-07-20 13:15:10 +00:00
Simon Tatham
b426872219 Centralise calls to fcntl into functions that carefully check the
error returns.

[originally from svn r9940]
2013-07-19 18:10:02 +00:00
Simon Tatham
96f3589e16 Add an error check to every setsockopt call in uxnet.c.
[originally from svn r9939]
2013-07-19 17:45:01 +00:00
Simon Tatham
407fd7b9ab Better error reporting when failing to save a session.
[originally from svn r9937]
2013-07-19 17:44:53 +00:00
Simon Tatham
13bac5ed69 Add some missing calls to cleanup_exit.
[originally from svn r9936]
2013-07-19 17:44:47 +00:00
Simon Tatham
b4adf61bc7 Report errors in store_host_key too.
[originally from svn r9934]
2013-07-19 17:44:38 +00:00
Simon Tatham
2854ae1f33 Add proper error reports in write_random_seed, via the new 'nonfatal'
error reporting function.

[originally from svn r9933]
2013-07-19 17:44:33 +00:00
Simon Tatham
acf38797eb Add a nonfatal() function everywhere, to be used for reporting things
that the user really ought to know but that are not actually fatal to
continued operation of PuTTY or a single network connection.

[originally from svn r9932]
2013-07-19 17:44:28 +00:00
Simon Tatham
1d21346d4c Add a missing error check in pterm's child-process setup. Shouldn't
really fail, but might as well be careful.

[originally from svn r9931]
2013-07-19 17:44:22 +00:00
Simon Tatham
ea301bdd9b Fix another giant batch of resource leaks. (Mostly memory, but there's
one missing fclose too.)

[originally from svn r9919]
2013-07-14 10:46:07 +00:00
Simon Tatham
896bb7c74d Tighten up a lot of casts from unsigned to int which are read by one
of the GET_32BIT macros and then used as length fields. Missing bounds
checks against zero have been added, and also I've introduced a helper
function toint() which casts from unsigned to int in such a way as to
avoid C undefined behaviour, since I'm not sure I trust compilers any
more to do the obviously sensible thing.

[originally from svn r9918]
2013-07-14 10:45:54 +00:00
Simon Tatham
1662a2f6cf Fix an always-false if statement which was causing the window border
not to be redrawn when the user reconfigured the background colour.

[originally from svn r9917]
2013-07-14 10:45:48 +00:00
Simon Tatham
3d69dd2071 Add missing checks in update_for_intended_size() in the font selector
code, which would have coped badly if ever asked to select the first
font in the list at a size smaller than it supported. Luckily the
first font tended to be one of the X numeric aliases (e.g. 10x20)
which was stored with size zero, so this probably didn't actually come
up for anyone, but better safe than sorry.

[originally from svn r9910]
2013-07-11 17:24:28 +00:00
Simon Tatham
5a04ae3420 Fix a pty-freeing error which caused a segfault if you attempted to
use Restart Session in a post-not-close-on-exit pterm.

[originally from svn r9909]
2013-07-11 17:24:23 +00:00
Simon Tatham
1f3901a3a2 Add some missing null checks for inst->ldisc, which were causing
segfaults if a PuTTY or pterm did not close on exit and then you
either typed something via input_method_commit_event or changed the
line editing or echo settings.

[originally from svn r9908]
2013-07-11 17:24:20 +00:00
Simon Tatham
916cd3f0cd Remove another pointless null check, this time of inst->back in the
function which has just dereferenced it to get the exit code.

[originally from svn r9907]
2013-07-11 17:24:14 +00:00
Simon Tatham
bbc9709b48 A collection of small bug fixes from Chris West, apparently spotted by
Coverity: assorted language-use goofs like freeing the wrong thing or
forgetting to initialise a string on all code paths.

[originally from svn r9889]
2013-07-01 17:56:33 +00:00
Simon Tatham
c5876a8ba2 Fallback for manual setup of GTK 1, if autoconf is run on a system
where the GTK1 detection function AM_PATH_GTK hasn't been provided by
/usr/share/aclocal/gtk.m4 or equivalent.

(Systems without gtk.m4 are becoming more common, but on the other
hand I know at least one person is still using GTK 1 PuTTY since the
0.62 release.)

[originally from svn r9868]
2013-06-15 19:58:10 +00:00
Simon Tatham
15f1bc7cdb It's probably well past time for this: change PuTTY's default
character set configuration to UTF-8, on both Windows and Unix, and
reorganise the dropdown lists in the Translation menu so that UTF-8
appears at the top (and Unix's odd "use font encoding" is relegated to
the bottom of the list like the special-purpose oddity it is).

[originally from svn r9843]
2013-05-25 14:03:19 +00:00
Simon Tatham
a9eb51b7d4 Remove the half-hearted attempt to make the utmp helper process drop
privileges just before dying of a fatal signal. I'm not sure what I
intended it for in the first place; it certainly isn't doing its job
properly (no setgid), it's causing compiler warnings due to not
checking the setuid return code, and we can't think of any useful
purpose for it.

[originally from svn r9766]
2013-02-24 19:28:13 +00:00
Simon Tatham
74bc2635ad Don't forget to check the return values of setuid and friends.
[originally from svn r9764]
2013-02-23 21:00:29 +00:00
Simon Tatham
896f9f2256 Reorganise setup_fonts_ucs so that in case of error it does nothing
and returns its error message as a string, instead of actually
printing it on standard error and exiting. Now we can preserve the
previous error behaviour when we get a nonexistent font name at
startup time, but no longer rudely terminate in mid-session if the
user configures a bogus font name in Change Settings.

[originally from svn r9745]
2013-01-13 21:59:10 +00:00
Simon Tatham
9a7dd918da Switch round a bogus if statement I've just noticed. Both the write to
pty_utmp_helper_pipe _and_ the close of it if we're not going to write
should be conditionalised on the pipe existing, rather than just the
former!

[originally from svn r9729]
2012-12-18 09:19:04 +00:00
Simon Tatham
7c22b1d755 Patch from Brad Smith to use posix_openpt() instead of
open("/dev/ptmx"), where the former is available. Improves
portability, since at least one OS (OpenBSD) supports the POSIX pty
functions but does it via an underlying mechanism which doesn't
involving having a /dev/ptmx.

[originally from svn r9728]
2012-12-18 09:02:38 +00:00
Simon Tatham
25c45bf043 Use O_NOCTTY (if available) when opening /dev/ptmx, just in case any
OS doesn't automatically assume it.

(It would seem faintly weird to me - surely opening the master end of
a given pty is a fairly good indication that you're _not_ a process
running inside it which wants to have it available as /dev/tty! But
you never know...)

[originally from svn r9727]
2012-12-18 09:02:38 +00:00
Simon Tatham
58870f60e4 If you configure Unix PuTTY to use a proxy, tell it to even proxy
localhost connections, and also enable X forwarding in such a way that
it will attempt to connect to a Unix-domain X server socket, an
assertion will fail when proxy_for_destination() tries to call
sk_getaddr(). Fix by ensuring that Unix-domain sockets are _never_
proxied, since they fundamentally can't be.

[originally from svn r9688]
2012-10-16 20:15:51 +00:00
Simon Tatham
5db48dcddb Make --help and --version work consistently across all tools.
Well, at least across all command-line tools on both Windows and Unix,
and the GTK apps on Unix too. The Windows GUI apps fundamentally can't
write to standard output and it doesn't seem sensible to use message
boxes for these purposes :-)

[originally from svn r9673]
2012-09-19 17:08:15 +00:00
Ben Harris
d5836982e2 Two related changes to timing code:
First, make absolute times unsigned.  This means that it's safe to 
depend on their overflow behaviour (which is undefined for signed 
integers).  This requires a little extra care in handling comparisons, 
but I think I've correctly adjusted them all.

Second, functions registered with schedule_timer() are guaranteed to be 
called with precisely the time that was returned by schedule_timer().  
Thus, it's only necessary to check these values for equality rather than 
doing risky range checks, so do that.

The timing code still does lots that's undefined, unnecessary, or just
wrong, but this is a good start.

[originally from svn r9667]
2012-09-18 21:42:48 +00:00
Ben Harris
3fad1f402b Improve window-size handling in Unix Plink.
Unconditionally override the configured terminal size with the one
from stdin if it's available.  This avoids the silliness whereby if
Default Settings had a terminal size set, Plink used this and thus
caused the server to use the wrong size.

[originally from svn r9624]
2012-08-25 22:57:39 +00:00
Simon Tatham
aa5bae8916 Introduce a new utility function smemclr(), which memsets things to
zero but does it in such a way that over-clever compilers hopefully
won't helpfully optimise the call away if you do it just before
freeing something or letting it go out of scope. Use this for
(hopefully) every memset whose job is to destroy sensitive data that
might otherwise be left lying around in the process's memory.

[originally from svn r9586]
2012-07-22 19:51:50 +00:00
Simon Tatham
3d3052f680 Add '-Wall -Werror' to the compile options in the autotools makefile,
having just noticed that Makefile.gtk had it and this one doesn't. (Of
course, this being autoconf, we can easily enough make it conditional
on the compiler actually being gcc.)

[originally from svn r9583]
2012-07-19 04:42:34 +00:00
Simon Tatham
75239b955b If pterm's execvp fails when given the whole argument list after -e,
and the argument list contains only one string, try again by passing
that single string to "$SHELL -c" to be parsed as a shell command.
This matches xterm's behaviour (as of xterm 261, at least), and means
in practice that users can do _either_ of 'pterm -e some command' and
'pterm -e "some command"'.

(A quick survey suggests that the majority of X terminal programs agree
with pterm's old behaviour of only supporting '-e some command',
except that gnome-terminal only supports the other behaviour and xterm
supports both. With that disagreement, I think supporting both is
probably the sensible thing.)

[originally from svn r9575]
2012-07-11 18:12:17 +00:00
Simon Tatham
a3f74661c8 Turns out that the compose-keys fix in r9567 did in fact break one
piece of keyboard handling: if Num Lock is on, numeric keypad keys are
eaten by the IM, so we must avoid passing them to the IM in the first
place if we're in any non-default numeric keypad mode (application or
Nethack).

This is a grubby way to do it, but the more obvious approach of just
moving the Nethack and app-keypad if statements up to above the IM
call doesn't work because those statements depend on the generic
Alt-prefix handling that happens just _below_ the IM call. So instead
I just repeat the list of keystrokes and modes in an if statement
conditionalising the IM call.

[originally from svn r9573]
[r9567 == 7fc8db15b2]
2012-07-05 23:45:20 +00:00
Simon Tatham
d0ac277f78 Stop including <gtk/gtkcontainer.h> directly, since a user points out
that it'll be absent in GTK 3.

[originally from svn r9571]
2012-07-01 16:55:36 +00:00
Simon Tatham
72640ff615 Add the missing code to treat data coming from the input method as
keypresses for purposes of hiding the mouse pointer and resetting the
scrollback.

[originally from svn r9568]
2012-06-18 18:10:59 +00:00
Simon Tatham
7fc8db15b2 Support for dead keys and compose sequences on Unix, by instantiating
a GtkIMMulticontext and having that filter most keypresses. I think
I've got this right so that it doesn't break any previous deliberate
keyboard-handling behaviour that's now _after_ the 'if (filter
keypress) return' statement.

[originally from svn r9567]
2012-06-17 07:26:23 +00:00
Simon Tatham
bc6e0952ef Introduce a third setting for the 'bold as colour' mode, which lets
you both brighten the colour _and_ bold the font at the same time.
(Fixes 'bold-font-colour' and Debian #193352.)

[originally from svn r9559]
2012-06-09 15:09:22 +00:00
Simon Tatham
29184e3702 Fix bug in the new CLOCK_MONOTONIC implementation. I was treating the
nanoseconds field as a microseconds field, with hilarious consequences.

[originally from svn r9535]
2012-05-15 22:19:21 +00:00